NetIQ Access Manager Identity Server
SAML 2.0 Federation
Encryption enabled for assertions
Turns out that the new SAML 2.0 SP required that the name identifier within assertion be encrypted, and this option was enabled for this SP on NAM side. Adding a new NAM IDP server to act as an SP with the same set (encrypted assertion enabled) showed similar problems ie. with "encrypt assertions" and "Encrypt name identifiers" options enabled, the SP would throw the following error when processing assertion:
"An Identity Provider response was received that failed to authenticate this session. (300101021-D87D02A6F4B279C6)".
1. Save a backup copy of xmlsec.jar found at /opt/novell/nids/lib/webapp/WEB-INF/lib/ .
2. Save a backup copy of org directory found at /opt/novell/nids/lib/webapp/WEB-INF/classes/ .
3. Get access to the 4.2.0 IDP installation files and untar the file.
4. Find the rpm "novell-nidp-server-188.8.131.52-221.noarch.rpm" at [installer-path]/nids/.
5. To extract the rpm without installing it, use following command :
"rpm2cpio novell-nidp-server-184.108.40.206-221.noarch.rpm | cpio -idmv"
6. The files of rpm are extracted in same directory.7. Navigate to [installer-path]/nids/opt/novell/nids/lib/webapp/WEB-INF/classes and copy org directory to /opt/novell/nids/lib/webapp/WEB-INF/classes/.
8. Navigate to [installer-path]/nids/opt/novell/nids/lib/webapp/WEB-INF/lib and copy xmlsec.jar to /opt/novell/nids/lib/webapp/WEB-INF/lib/.
9. Restart the IDP Server using command, "/etc/init.d/novell-idp restart".