Provisioning cannot proceed as not all required data was obtained.

  • 7003709
  • 30-Jun-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Linux Access Gateway
Microsoft ADFS on Windows 2003R2

Situation

ADFS as the Identity Provider (IDP)
Access Manager as the Service Provider (SP)
Used Microsoft ADFS Step-By-Step Guide to configure ADFS

When trying to provision a user into the local directory store, we were receiving the following message displayed in our web browser:



Resolution

This error occurs when the NAM attribute mapping and the ADFS outgoing claims are not configured correctly. In our example, we are trying to provision users based on their CN from AD into a local directory, which is eDirectory. To resolve this issue, an example is provided:

On the ADFS server, perform the following:

First, a custom Organizational Claim needs to be created. For this example we have created the claim "sAM Account Name mapped to sAMAccountName attribute".



We then need to map our custom claim to an attribute in the Active Directory account store. Here we mapped "sAM Account Name mapped to sAMAccountName attribute" to the sAMAccountName.


We now need to include our custom claim in the outgoing claims that ADFS provides. These claims will be given to the service provider from Access Manager. For the purpose of this article we have chosen an arbitrary name "Bubba" to be mapped to the organization claim "sAM Account Name mapped to sAMAccountName attribute".



On NAM, we will need to link "Bubba" to an attribute that NAM recognizes. Since we are using the sAMAccountName on AD, we are going to map to the LDAP User Name on Access Manager. Ensure that "Bubba" is entered as it was on the ADFS side.


Once the mapping is entered, NAM will display the following in the attribute mapping:
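
To confirm that both sides agree on the claim name, the following Python script (an added example, not part of the original article or of either product) compares the attribute names in a captured token with the names the service provider expects. It assumes the token carries a SAML 1.1 attribute statement and that names are compared as exact strings; the sample token and the SP_ATTRIBUTE_MAP model are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # not hardened against hostile XML; use on your own captures

SAML11 = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample token (assumed SAML 1.1 layout, signature and conditions omitted).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="Bubba"
                    AttributeNamespace="http://schemas.xmlsoap.org/claims">
      <saml:AttributeValue>jsmith</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical model of the NAM attribute map: remote claim name -> local attribute.
SP_ATTRIBUTE_MAP = {"Bubba": "LDAP User Name"}


def received_claims(assertion_xml):
    """Return {claim name: [non-empty values]} for every attribute in the token."""
    claims = {}
    for attr in ET.fromstring(assertion_xml).iter(SAML11 + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML11 + "AttributeValue")]
        claims.setdefault(attr.get("AttributeName", ""), []).extend(v for v in values if v)
    return claims


def check_mapping(assertion_xml, sp_map):
    """Report which mapped claims arrived and which are missing or misspelled."""
    claims = received_claims(assertion_xml)
    folded = {name.strip().lower(): name for name in claims}
    report = {"mapped": {}, "missing": [], "near_miss": {}}
    for remote, local in sp_map.items():
        if claims.get(remote):  # assumption: names are compared as exact strings
            report["mapped"][local] = claims[remote][0]
            continue
        report["missing"].append(remote)  # provisioning would lack this value
        lookalike = folded.get(remote.strip().lower())
        if lookalike is not None and lookalike != remote:
            report["near_miss"][remote] = lookalike  # differs only by case/spacing
    return report


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, SP_ATTRIBUTE_MAP))
    print(check_mapping(SAMPLE_ASSERTION, {"bubba": "LDAP User Name"}))
```

A non-empty "missing" list corresponds to the situation in which provisioning lacks required data, and "near_miss" points at a claim name that was typed differently on the two sides.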