Federated link for SAML 1.1 is not displayed on accessing the protected resource

  • 3247813
  • 22-Nov-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Access Manager Support Pack 1 applied

Situation

SAML 1.1 setup exists between two Access Manager Identity Servers (one acting as a SAML Service Provider and one as an Identity Provider). An Access Gateway is installed and acts as a Liberty service provider in a Liberty relationship with the SAML service provider. When a user accesses a protected resource on the Access Gateway and gets redirected to the Liberty Identity Server for authentication, there is no link on this Identity Server offering the option to log in at the SAML 1.1 Identity Server.

Performing the same request with SAML 2 as the protocol between the two Access Manager Identity Servers provides users with a link to log in to the SAML 2 Identity Server.

Resolution

Working as designed. SAML 2 as a protocol allows users to do an SP-initiated Single Sign-On (SSO), and therefore the link to redirect the user from the SAML SP to the SAML IDP is provided.

With SAML 1.1, the only option is an IDP-initiated SSO. In this setup, you can never hit the protected resource on the AG, get redirected to the Liberty Identity Server and then hit another option to take you to the SAML 1.1 Identity Server. You have to go to the SAML 1.1 IDP server and hit the IDP-initiated SSO link (see "Specifying the Intersite Transfer Service URL" at https://www.novell.com/documentation/novellaccessmanager/adminguide/index.html?page=/documentation/novellaccessmanager/adminguide/data/b5m572b.html for more details).

Authenticating to the SAML 1.1 IDP server using this intersite transfer link will allow you to SSO to the Access Gateway protected resources.
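The following Python script is an added illustration, not code from this TID or from Access Manager, of why the two protocols behave differently: a SAML 2 SP can build an AuthnRequest and redirect the browser to the IDP (so a login link is possible), whereas SAML 1.1 defines no such request, so the only entry point is the IDP's Intersite Transfer Service URL with a TARGET naming the protected resource. All hostnames, endpoint paths (`/nidp/saml2/sso`, `/nidp/saml/idpsend`) and the `PID`/`TARGET` parameter names are assumed placeholders; the TARGET allow-list check is a generic SAML 1.1 defensive practice, not a description of Access Manager internals.

```python
"""Added example (not from the TID): SP-initiated SAML 2 vs IDP-initiated SAML 1.1."""
import base64
import uuid
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholder endpoints and identifiers (not taken from the TID).
SAML2_IDP_SSO = "https://idp.example.com/nidp/saml2/sso"
SAML2_SP_ACS = "https://sp.example.com/nidp/saml2/spassertion_consumer"
SAML11_ITS = "https://idp.example.com/nidp/saml/idpsend"   # Intersite Transfer Service
SP_PROVIDER_ID = "https://sp.example.com/nidp/saml/metadata"  # value passed as PID
ALLOWED_TARGET_HOSTS = {"ag.example.com"}  # hosts the SP will send a user to after SSO


def saml2_sp_initiated_redirect(protected_url: str) -> str:
    """SAML 2 SP-initiated SSO: the SP builds an AuthnRequest and sends the browser
    to the IDP using the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode)."""
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" '
        f'AssertionConsumerServiceURL="{SAML2_SP_ACS}"/>'
    )
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE stream
    raw = compressor.compress(authn_request.encode()) + compressor.flush()
    params = {
        "SAMLRequest": base64.b64encode(raw).decode(),
        "RelayState": protected_url,  # where to return the user after authentication
    }
    return SAML2_IDP_SSO + "?" + urlencode(params)


def decode_saml2_redirect(url: str) -> tuple[str, str]:
    """Inverse of the redirect binding: recover the AuthnRequest XML and RelayState."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode(), query["RelayState"][0]


def federated_login_link(protocol: str, protected_url: str):
    """What a login page at the SP side can offer for a federated IDP.

    SAML 2: a link carrying an AuthnRequest.  SAML 1.1: nothing, because the
    protocol has no SP-to-IDP authentication request to put behind a link.
    """
    if protocol == "SAML2":
        return saml2_sp_initiated_redirect(protected_url)
    if protocol == "SAML1.1":
        return None
    raise ValueError(f"unknown protocol {protocol!r}")


def saml11_intersite_transfer_url(target_url: str) -> str:
    """IDP-initiated SAML 1.1 SSO: the user starts at the IDP's Intersite Transfer
    Service; PID names the SP and TARGET names the resource to land on.
    (Parameter names are an assumption for illustration.)"""
    return SAML11_ITS + "?" + urlencode({"PID": SP_PROVIDER_ID, "TARGET": target_url})


def target_is_acceptable(target_url: str) -> bool:
    """Defensive check an SP should apply to TARGET before redirecting the user:
    only https, and only to hosts the SP actually fronts."""
    parsed = urlparse(target_url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_TARGET_HOSTS


if __name__ == "__main__":
    resource = "https://ag.example.com/protected/app"
    print("SAML2 link  :", federated_login_link("SAML2", resource))
    print("SAML1.1 link:", federated_login_link("SAML1.1", resource))
    print("SAML1.1 ITS :", saml11_intersite_transfer_url(resource))
```

Run as-is, the script prints a usable SAML 2 login link, `None` for SAML 1.1 (the missing link from the Situation above), and the IDP-side Intersite Transfer URL a user must start from instead. The `target_is_acceptable` check matters on any SAML 1.1 SP because TARGET arrives from the browser and is otherwise an open redirect candidate.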