- Access Manager 4.4.x
- Access Manager 4.5.x
- Access Manager 5.0
- Access Manager IDP server has been configured as SAML2 Identity Provider
- 3rd-party SAML2 Service Provider metadata does not include any encryption or signing certificate but instead uses a key reference using the:
NAM IDP server returns:
- add the signing and encryption certificate to the already imported metadata using iManager
- or create a completely new metadata document storing the encryption and signing certificates in "<ds:X509Data>" XML elements
- an Enhancement Request has been added for the feature at:
If you require the same functionality, you can raise your vote for it.
- using the "<ds:KeyName>" XML Signature element is not supported by any version of Micro Focus Access Manager
The <ds:KeyName> element is a certificate name referencing a certificate in a given keystore. The advantage of using just a reference is that no new metadata has to be created and distributed in case a new signing / encryption certificate has been assigned. This has not yet been implemented with Access Manager.
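The following is an added example, not part of this KB article and not Access Manager code. It shows, on a constructed SP metadata document, the difference between the two forms described above: a KeyDescriptor that only carries a <ds:KeyName> reference (unsupported by the IDP) and one that embeds the certificate in <ds:X509Data>. The checker can be run over third-party metadata before importing it in iManager, and the second function produces the corrected form from a certificate's base64 body. The entityID, URLs and the certificate placeholder are constructed values.

```python
"""Inspect SAML2 SP metadata for KeyDescriptor elements that reference keys
only by <ds:KeyName>, and rewrite them to carry <ds:X509Data> instead.
Added example for illustration; not code from the KB or from Access Manager."""
import xml.etree.ElementTree as ET

# SAML2 metadata and XML Signature namespaces (standard values).
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Keep the familiar md:/ds: prefixes when the tree is serialised again.
ET.register_namespace("md", NS["md"])
ET.register_namespace("ds", NS["ds"])

# Constructed sample: SP metadata whose signing and encryption keys are given
# only as key names, the form the KB describes as not supported by the IDP.
KEYNAME_ONLY_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:KeyName>sp-signing-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:KeyName>sp-encryption-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_key_descriptors(metadata_xml: str):
    """Return one (use, status) tuple per KeyDescriptor.

    status is 'x509' when a certificate is embedded in <ds:X509Data>,
    'keyname-only' when only a <ds:KeyName> reference is present, and
    'no-key-material' when neither is found.  A KeyDescriptor without a
    'use' attribute applies to both signing and encryption."""
    root = ET.fromstring(metadata_xml)
    findings = []
    for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        use = kd.get("use", "signing+encryption")
        has_cert = kd.find(".//ds:X509Data/ds:X509Certificate", NS) is not None
        has_name = kd.find(".//ds:KeyName", NS) is not None
        if has_cert:
            findings.append((use, "x509"))
        elif has_name:
            findings.append((use, "keyname-only"))
        else:
            findings.append((use, "no-key-material"))
    return findings


def unsupported_uses(metadata_xml: str):
    """List the 'use' values that the IDP could not import as-is."""
    return [use for use, status in check_key_descriptors(metadata_xml)
            if status != "x509"]


def embed_certificate(metadata_xml: str, use: str, cert_b64: str) -> str:
    """Return metadata in which the KeyDescriptor for `use` carries the
    certificate body in <ds:X509Data>/<ds:X509Certificate>, replacing any
    <ds:KeyName> reference.  cert_b64 is the base64 DER body of the SP's
    certificate (PEM without the BEGIN/END lines)."""
    root = ET.fromstring(metadata_xml)
    for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        if kd.get("use") != use:
            continue
        keyinfo = kd.find("ds:KeyInfo", NS)
        if keyinfo is None:
            keyinfo = ET.SubElement(kd, f"{{{NS['ds']}}}KeyInfo")
        for name in keyinfo.findall("ds:KeyName", NS):
            keyinfo.remove(name)
        x509data = ET.SubElement(keyinfo, f"{{{NS['ds']}}}X509Data")
        cert = ET.SubElement(x509data, f"{{{NS['ds']}}}X509Certificate")
        cert.text = cert_b64
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(check_key_descriptors(KEYNAME_ONLY_METADATA))
    # Constructed placeholder, not a real certificate.
    fixed = embed_certificate(KEYNAME_ONLY_METADATA, "signing",
                              "MIIC...CONSTRUCTED_PLACEHOLDER...")
    print(check_key_descriptors(fixed))
```

Running the checker on the sample reports both descriptors as keyname-only, which is exactly the case the IDP rejects; after embedding the signing certificate only the encryption descriptor remains to be fixed. The real certificates come from the SP operator, which is why the KB's two resolutions both amount to getting the X.509 material into the metadata before the import.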
- turn on the following logging options:
- use a browser client with a SAML tracer plugin or a Windows workstation with Fiddler installed to review the flow and all SAML2 messages routed through the browser client
- For XML Signature validation you can reference KB 7024052 which includes all the required steps to add the required debug output