Virtual attribute conversion of user GUID invalid, causing issues with SAML SPs and Accelerated Applications behind AG

  • 7021264
  • 30-Aug-2017
  • 06-Sep-2017

Environment

Access Manager 4.3
Access Manager 4.2

Situation

We have a remote LDAP data source from which we need to retrieve the user GUID and forward it to a back-end SAML Service Provider (Office 365 in this case).
An LDAP search shows that the user we are attempting to log in with has a valid GUID, and a LAN trace shows the GUID being returned and decoded correctly in Wireshark. The virtual attribute tool, however, does not display the value correctly, and the injected attribute is invalid.

To duplicate:

1. Go to the Admin Console.
2. Go to Shared Settings -> Virtual Attributes -> Source Attribute.
3. Select the attribute referencing the user GUID.
4. Show 'add test value' and add a user, e.g. martial in our case.
5. Select Test and enter the LDAP admin user credentials.
6. Verify the response and compare it with the GUID returned by the following LDAP search:

root@nam32phys:~> ldapsearch -x -h 147.2.16.109 -p 389 -D cn=admin,ou=sa,o=system -w novell -b ou=sa,o=system "cn=martial" guid
version: 1

#
# filter: cn=martial
# requesting: guid
#

# martial,sa,system
dn: cn=martial,ou=sa,o=system
guid:: Jjd0b9dIBUROjCY3dG/XSA==
 
The values will be very different.
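The ldapsearch output above shows the GUID as an LDIF base64 value (the double colon after the attribute name marks base64 encoding, which ldapsearch uses for binary attributes such as guid). To know what the virtual attribute test should have displayed, decode that value to its 16 raw bytes and render it in the usual textual forms. The following script is an added example, not Access Manager code or part of the original article; it parses the LDIF entry copied from the output above, decodes the guid, and offers a small check that tells you which rendering (base64, hex or UUID string) a value shown by the virtual attribute tool or seen in the injected attribute corresponds to, or reports that it matches none of them. The function and variable names are the example's own.

```python
"""Decode the base64 GUID from an LDIF 'guid::' line and render it in the
textual forms a SAML SP or injected attribute might carry, so the value shown
by the Access Manager virtual-attribute test can be compared against it.
Added example (not Access Manager code); the LDIF entry is copied from the
ldapsearch output in the article."""
import base64
import re
import uuid
from typing import Dict, List, Optional

# LDIF entry as returned by ldapsearch in the article. A ':: ' separator means
# the value is base64-encoded (LDIF, RFC 2849); a ': ' separator is plain text.
LDIF = """\
dn: cn=martial,ou=sa,o=system
guid:: Jjd0b9dIBUROjCY3dG/XSA==
"""

# attribute name, ':' or '::', optional space, value
LDIF_LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::?)\s?(.*)$")


def parse_ldif_entry(ldif: str) -> Dict[str, List[bytes]]:
    """Parse one LDIF entry into {attribute: [raw value bytes, ...]}.
    Joins folded continuation lines (leading space), skips '#' comments and
    decodes base64 values, so binary attributes come back as raw bytes."""
    lines: List[str] = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]          # LDIF line folding
        elif line and not line.startswith("#"):
            lines.append(line)
    entry: Dict[str, List[bytes]] = {}
    for line in lines:
        m = LDIF_LINE.match(line)
        if not m:
            continue
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3).strip()
        if sep == "::":
            raw = base64.b64decode(value, validate=True)
        else:
            raw = value.encode("utf-8")
        entry.setdefault(attr, []).append(raw)
    return entry


def guid_renderings(raw: bytes) -> Dict[str, str]:
    """Return the common textual forms of a 16-byte GUID."""
    if len(raw) != 16:
        raise ValueError(f"GUID must be 16 bytes, got {len(raw)}")
    return {
        "base64": base64.b64encode(raw).decode("ascii"),
        "hex": raw.hex(),
        "uuid": str(uuid.UUID(bytes=raw)),
    }


def check_injected_value(observed: str, raw: bytes) -> Optional[str]:
    """Return the name of the rendering that the observed value (e.g. what the
    virtual attribute tool displayed) matches, or None if it matches none.
    base64 is compared case-sensitively; hex and UUID forms case-insensitively,
    with optional surrounding braces tolerated for the UUID form."""
    forms = guid_renderings(raw)
    observed = observed.strip()
    for name, form in forms.items():
        if name == "base64":
            matched = observed == form
        else:
            matched = observed.strip("{}").lower() == form
        if matched:
            return name
    return None


if __name__ == "__main__":
    entry = parse_ldif_entry(LDIF)
    guid = entry["guid"][0]
    for name, form in guid_renderings(guid).items():
        print(f"{name:7s} {form}")
    # A value copied from the virtual attribute test can be checked like this:
    print("matches:", check_injected_value("Jjd0b9dIBUROjCY3dG/XSA==", guid))
```

Run it as-is to see the three renderings of the GUID from the article; to compare against your own environment, paste your ldapsearch entry into LDIF and the value from the virtual attribute test into the check_injected_value call. If the check returns None for every value the tool shows, the conversion is wrong, which is exactly the behaviour this article describes. Which of the three forms the Service Provider expects is not stated in the article and must be taken from the SP's own documentation.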

Resolution

Fixed in NAM 4.4