  • Gateway Timeout error!

    Hello, I am experiencing issues with SSO NAM after a power system problem on the server. The issues are as follows: Applications under SSO that use Access Gateway can be accessed for 1-3 hours, but after that, they display a 504 Gateway Timeout…
  • NAM as an OIDC provider for SharePoint on Prem

    Hi, the new SharePoint Subscription Edition got support for OAuth/OIDC. One of our customers got issues with Office applications and opening documents from SharePoint on-prem when using WS-Fed/WS-Trust, so we want to test if this might help resolve the issues…
  • Admin Console Reporting Wrong Versions

    Anyone else seeing a rash of issues with the Admin Console reporting the wrong component versions after applying patches? I had a 5.1 dev environment that I was running 5.1.0.1, but I didn't realize that the IdP and AG were still being reported as…
  • NAM 5.1 IdP Fails to Start After Pushing Advanced File Configurator Files

    Upgraded a NAM 5.0 SP4 environment to NAM 5.1 and then immediately applied patch 5.1.0.1, which supposedly fixes the Advanced Configurator issues with NAM 5.1. Went into NAM Admin console after upgrade, I could see the advanced file configurator files…
  • NAM 4.3.2 cannot import signed CSR - java.io.ioexception DerInputStream.getLength too big

    Trying to import a signed CSR (generated by NAM 4.3.2) that was signed by GlobalSign. Never had issues like 3-4 years ago, but we switched to DigiCert back then and now we're at GlobalSign. Anyway, I get this error in the Admin Console. I HAVE imported…
  • Issue with IDP Clusters not showing in Appmarks settings on 5.1.0.1

    Hi! We have just tested our NAM Appliance 5.1.0.1 and have seen quite a weird thing in the Appmarks bar. When we open Appmarks we cannot select any IdP cluster, because there are none in the dropdown: I have checked it on version 5.1.0.0 and there…
  • TLS1.3 support

    We currently have a 5.0.4.1 appliance. Is there any way to get TLS 1.3 supported in it, or any other version of AM that has 1.3 support? Thanks, Andrew
  • Error blocking SSO to protected resource

    Hello, I have created a contract for an AG protected resource where I don't want users to get SSO. I have added an authentication level of 15 to the contract (more than the next highest level) and have not ticked "Satisfiable by a contract of equal or higher…
  • Add ProviderName field in a SAML authentication request (as SP)

    I asked this a few years ago and the only answer I got was that it was thought that it was not possible. We now have again the requirement of an IDP to include the ProviderName in the request. Does anyone know if this has changed and it is possible…
  • NAM 5.1.0.1 (24.2.1) is out

    Hi! I've just noticed, AM 5.1.0.1 is out. Release note: https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-p1-release-notes/accessmanager51-p1-release-notes.html
  • Office 365 MFA Requirements

    Has anyone that is using NAM and AA for federated SSO to Office 365 been concerned about Microsoft's upcoming requirements to enforce MFA? I cannot find anything very definitive on this. Some things I read seem to indicate if you set SupportsMFA to…
  • Migrate configuration between one NAM to another NAM

    Hi, currently we have NAM 5.0.2 on RHEL 7.9 and all components (Admin, IDP and AG) are installed on different servers. We are planning to set up the same NAM environment and need to migrate all configuration including attribute set, MFA configuration…
  • Access Manager 5.1 and Manage eDirectory objects option

    Hi, In the new Administration Console of version 5.1, is there no longer the option to manage eDirectory objects? Regards
  • How is SAML2 CUSTOM AUTHNCONTEXT CLASS REF LIST expected to work?

    Hello, I thought I had done this the correct way but I'm unable to get it to work so far. Incoming SAML request from trusted SP contains <samlp:RequestedAuthnContext Comparison="exact"> <saml:AuthnContextClassRef>id.elegnamnden.se/.../saml:AuthnContextClassRef…
  • Access Gateway Appliance upgrade to 5.0.4

    Experienced after upgrading Gateway Manager Appliance to 5.0.4. Upgrading Access Manager Appliance following documentation https://www.microfocus.com/documentation/access-manager/5.0/install_upgrade/bzj208d.html#t4g6zl8il6oh finished with success message…
  • NAM 5.1 and OCSP/CRL Checking

    Word of warning to those of you upgrading to NAM 5.1. I upgraded a NAM 5.0.4 environment today and after upgrading my IdP wouldn't turn "green". I was getting a warning about one of the certs in the trust store: X509 Certificate Validation Root Exception…
  • NAM 5.1 and IdP Initiated SAML SSO

    Has anyone that uses IdP initiated SAML SSO upgraded to NAM 5.1? I have an environment that was running fine on NAM 5.0.4. I was using IdP initiated SAML SSO for a few SPs ( /nidp/saml2/idpsend?id=XXX ). That all seems to have broken in 5.1. The SAML…
  • Planning for mandatory multifactor authentication for Azure

    Microsoft has announced that starting in October of this year, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. We have several customers who are using NAM as an IdP via WS-Fed federation, and I…
  • Upgrading Admin console and Identity servers from SLES12 to SLES15 SP6

    We are running NAM 5.0.4 on SLES12 SP5 for Admin Console and Identity Servers. The Access Gateway Appliances are running on SLES12. SLES15 SP5 is out of support Dec 31, 2024. Anyone running NAM 5.0.4 on SLES15 SP6? In the documentation for 5.0.4, the…
  • Is there a way to set an Identity Server Role based on the authentication method or contract used?

    I need to solve this scenario: If a person is a staff member, do step-up authentication. If a person is a student, use the default authentication. My idea to solve this: Write risk-based rules that test what method, or contract, was used at login…
  • NAM High Availability Environment

    Hi Everyone, My current environment for NAM is using HA. Since I'm using active-active mode, how can I determine which AC my current IDP is pointing to? I couldn't find this information in the catalina.out log. Is there any other way to verify it? …
  • Authorization Policy to determine if user is member of AD group

    We would like to create an authorization policy to limit access to a SAML2 resource if the user is a member of an AD group. Our primary data source is eDir so we created an additional data source for AD and a virtual attribute called adGroupMembership…
  • Access Manager 5.1 HTTP/2 Protocol Support broken

    Hi everybody! After updating Appliance Version 5.0.4 to Version 5.1 Access Manager is not working properly anymore with HTTP/2 Protocol (Protocols h2) enabled. Also fallback configuration by adding h2 h2c HTTP/1.1 does not work. Services are up…
  • How to identify user transaction x device id in risk module?

    In AM there's a table named risk_usrtransaction. I could not find any way to correlate a transaction registered in this table with the device registered in device_fingerprint table. Does anyone have any info on that?
  • Reverse Proxy SSO to Identity Applications and CSP directive

    I don't know if this is the most appropriate forum, or should this be a question for the IDM community. It seemed more related to NAM to me. We are protecting the IDM Identity Applications by Reverse Proxy SSO. The Form Fill does not work. If we enable…