Environment
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Situation
Access Manager SAML Identity (IDP) server setup (version 1 or 2) with an Intersite Transfer URL configuration pointing to the SAML Service Provider (SP). An ID and Target are specified in the Intersite transfer URL configuration. The option to 'allow any target' is disabled.
When the user hits this intersite transfer URL with a pre-3.1 SP3 build of Access Manager, the user is prompted to authenticate at the IDP server and, when successful, an assertion is sent over to the SP for single sign-on. After applying Access Manager 3.1 SP3, the user gets an "Untrusted provider" error message immediately after submitting credentials.
Resolution
Download ftp://ftp.novell.nl/out/AM_31_SP3_ConfigurationUpgrade.ZIP and run the ConfigUpgrade.sh script on the Linux primary Administration Console or the ConfigUpgrade.bat script on the Windows primary Administration Console. After running the appropriate ConfigUpgrade script, the administrator must log in to the Administration Console and apply the changed configuration on the Identity Server devices that are upgraded to 3.1 SP3.
On upgrading to 3.1 SP3, the default intersite transfer URL parameters were changed due to the SP Brokering functionality. This issue will be fixed in 3.1 SP3 IR1.