Problem with IdP Proxy Configuration

This topic contains 8 replies, has 3 voices, and was last updated by Profile photo of Scott Heger Scott Heger 1 week, 2 days ago.

  • Author
    Posts
  • #15788
    Profile photo of annouar annouar 
    Participant

    Hello everyone !

    In order to deploy a Federation solution for my company, I am currently testing OpenAM ! I have to say that a great job was made on the tool !

    The use case I am currently testing is the following : I got multiple IdP (got 2 now, but more later) and a SP. First, is that possible to redirect a user who wants to access to restricted content to the correct IdP depends on email domain ? For example, I got two Idp from two different companies : IdPcompanyA and IdPComanyB. I want the IdpCompanyA login page to be displayed to all users who try to access to my ressource with email like xxxxxxxx@companyA.com, and the IdpCompanyB login page to be displayed to all users with email xxxxxxxx@companyB.com

    I really don’t know if it’s possible to do this with openAM. That’s why I am trying to deploy an Idp Proxy (it looks like to fit to my needs). I have followed the following confluence page in order to deploy the architecture : https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+1.+Setting+up+a+simple+Proxy+scenario
    I used docker version for each module (SP, Idp Proxy, IdP ..). For the “Testing the IdP Proxy scenario” in the Confluence, when I’ve tried to Initiate the SSO, I got an error "HTTP Status 400 - Error processing AuthnRequest. Error retrieving meta data.".

    Any idea why ?

    Thanks a lot !

    Anwar.

    • This topic was modified 1 week, 5 days ago by Profile photo of annouar annouar.
    • This topic was modified 1 week, 5 days ago by Profile photo of annouar annouar.
    #15791
    Profile photo of Scott Heger Scott Heger 
    Participant

    You could handle the auto selecting of the IDP based on email domain with some custom modifications to your proxyidpfinder.jsp page. By default this JSP will list all the available IDPs for the SP the user is trying to access and lets the user pick which one they want to use. You could modify that to provide an input field where the user would enter their email and then based on the domain part you could auto-select the IDP for them.

    As for the Error retrievig meta data message, check your Federation debug file for clues on that one.

    #15793
    Profile photo of Peter Major Peter Major 
    Moderator

    Error retrieving the metadata most likely means that the metaAlias used in the request does not map to any entity configured in the accessed OpenAM instance. Make sure that your SAML metadata are up to date on all nodes involved.

    • This reply was modified 1 week, 5 days ago by Profile photo of Peter Major Peter Major.
    #15806
    Profile photo of annouar annouar 
    Participant

    Hey !

    Thank you for replying so quickly both of you !

    @peter-major humm okay ! But I followed the confluence guide to the letter, I still can’t get why I got the error :(

    @scott-hegeragcocorp-com Thank for the information. As I am really new in openAM, I’ve tried to access to proxyidpfinder.jsp page, but I can’t … Do you have some tips about it ? I also get the Federation debug logs and I have actually found a Java Exception raised with my call but any relevant information about the HTTP Status 400 – Error processing AuthnRequest. Error retrieving meta data. Any idea ?

    Thank you !

    #15809
    Profile photo of Scott Heger Scott Heger 
    Participant

    I have multiple accounts here on forgerock.org and my main one is @shegergmail-com. FYI

    How did you try to access the proxyidpfinder.jsp page? The file itself is located at the root of your deployed OpenAM application. You also have to enable it. You’ll find the setting in the Advanced tab of the IDP side of your IDP Proxy entity. See: https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+2.+Using+an+IDP+Finder+and+LOAs for more info on that.

    If you haven’t, kick up your debug level to “Message”, try again, then see what you get in your Federation debug file about your error retrieving meta data.

    #15851
    Profile photo of annouar annouar 
    Participant

    Hey @shegergmail-com !

    Thank you, I have solved my Bad Request issue. I have kicked up my debug to “Message” and I’ve found in my Federation Debug that my idpEntityID parameter can’t be found. After few changes, it seems like I simply had to specify the http protocol to my idpEntityID query parameter. My IdP Proxy scenario url looks like now :
    http://machinea.sp.com/openam/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=http://machineb.idpproxy.com&NameIDFormat=transient

    Moreover, I’ve found the proxyidpfinder.jsp file, and I am going to change it to create my scenario.

    Thank you !

    #15859
    Profile photo of Scott Heger Scott Heger 
    Participant

    Awesome! Don’t forget to change your debug level back to what it was or you risk running your file system out of space. Those debug files can become quite large when debug level is set to Message.

    #15864
    Profile photo of annouar annouar 
    Participant

    Thank you @shegergmail-com for your help.

    Yeah, as soon as my stuff works fine I will change my debug level to error !

    However, I think I need a last helping hand (sorry about that ..). I followed https://wikis.forgerock.org/confluence/display/openam/SAMLv2+IDP+Proxy+Part+2.+Using+an+IDP+Finder+and+LOAs perfectly (I guess), but I got an error with the last testing call. Indeed, my IdP Proxy returns an HTTP Status 404 – /openam/idpfinderError.html. I have searched in openAM source files and I did not found this file, but my proxyidpfinder.jsp does actually use it :
    String errorURL = "idpfinderError.html";
    Should I write my own idpfinderError.html file ?

    But, the most important thing is that my IdP Proxy should not get any error. I can’t get why the error is raised. I put the last traces of my logs :

    SAML2IDPPRoxyFRImpl.getPreferredIDP:Entering.
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://machine.idpproxy.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://machine.idpproxy.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.isIDPFinderForAllSPs:idpFinderForAllSPs is: true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityDescriptor: cacheKey = ///http://machine.sp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache http://machine.sp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://machine.sp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://machine.sp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://machine.idpproxy.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://machine.idpproxy.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.getIDPFinderJSP:idpFinderForAllSPs is: proxyidpfinder.jsp
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.getPreferredIDP:SP wants to use IdP Finder
    libPlugins:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    ConfigurationInstanceImpl.getAllConfigurationNames: realm = /, componentName = SAML2
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://machine.sp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://machine.sp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://client.idp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityConfig: cacheKey = ///http://machine.idpproxy.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: http://machine.idpproxy.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityDescriptor: cacheKey = ///http://machine.sp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache http://machine.sp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityDescriptor: cacheKey = ///http://client.idp.fr:8080/openam, found = false
    libPlugins:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    ConfigurationInstanceImpl.getConfiguration: componentName = SAML2, realm = /, configName = http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.putEntityDescriptor: cacheKey = ///http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityDescriptor: got descriptor from SMS http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:listofAuthnContexts: [http://foo.example.com/assurance/loa1]
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:IDP is: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaCache.getEntityDescriptor: cacheKey = ///http://client.idp.fr:8080/openam, found = true
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Extensions found for idp: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Extensions content found for idp: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:462 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Entity Attributes found for idp: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Attribute Values found for idp: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Attribute Value Elements found for idp: http://client.idp.fr:8080/openam–>com.sun.xml.bind.util.ListImpl@9e1b480
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.trimmedListToSet: element added to Set :
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:idpContextSet = [http://foo.example.com/assurance/loa1]
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Extension Values found for idp http://client.idp.fr:8080/openam: [http://foo.example.com/assurance/loa1]
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:Attribute Value Elements found for idp: http://client.idp.fr:8080/openam–>com.sun.xml.bind.util.ListImpl@9e1b481
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.trimmedListToSet: element added to Set :
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA:idpContextSet = [http://foo.example.com/assurance/loa2]
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.selectIdPBasedOnLOA: IDPList returns: http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.getRedirect:: Redirect url = http://machine.idpproxy.fr:8080/openam/proxyidpfinder.jsp
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.storeSessionParamsAndCache: Setting _IDPLIST_ = http://client.idp.fr:8080/openam
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.buildReturnURL: ReturnURL is: http://machine.idpproxy.fr:8080/openam/SSORedirect/metaAlias/idp?SAMLRequest=pVRfb9owEH%2Fvp4j8DklIKWABEgNNQ%2Bq2lLA%2B7M1zzqslx%2FZ8Tke%2F%2FexAGa0qKtHX8%2Fnu98%2BeImuUpYvWP%2BgN%2FGkBfZLsGqWRdicz0jpNDUOJVLMGkHpOq8XXWzroZ9Q64w03ilytVzOCAz4WRcEncDNkk7q4mQguMpbzAUCWCyhYUYx4PRoPSHIPDqXRMxLGkGSN2MJao2fah1KWj3rZoJePtvmQDq%2Fp9egnSVYBmtTMd7cevLc0TRvwzui%2BrG1AsnvqC0fH2ThLjYUANq2q7xuopQPuYytbKMkwDd0k%2BWwch471jAimECKIkiHKRzhWygO9T1LXUv8%2Br8WvfRPSL9tt2Vs4LwXjniQLRHAR9dJobBtwFbhHyeHH5vY1D7SvGTzfOYGPlsyvptEc2snmTuw6j5A9IyHzd%2FZO05P5h22WfgsT16vSKMmfLglJFL1h%2Fnx3rMi6J7pW6h3TKEEHHasy7r9rmZJCgntXu6C8Uubv0gHzwVLvWiDzPbGXVI78DvmHustFkN7Dzl%2FCc2kay5zEmFTYxRTM94adDl6q4McGxAfsE8b0w%2FzGKuhz06Show2CcUiVYfnBxLd2HnV4k%2FJRkIobGyJ9iQRlfI9L03bvOQY2fTHyf%2BH055n%2FAw%3D%3D&requestID=s252cb214992af95e51775faf25b049cb3fc9fddf9
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.storeSessionParamsAndCache: Setting _RELAYSTATE_
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.storeSessionParamsAndCache: Setting _SPREQUESTER_
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.storeSessionParamsAndCache: Setting _REQAUTHNCONTEXT_
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.getPreferredIDP:: Redirect url = http://machine.idpproxy.fr:8080/openam/proxyidpfinder.jsp
    libSAML2:02/17/2017 03:54:47:463 PM UTC: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2332]
    SAML2IDPPRoxyFRImpl.getPreferredIDP: Redirected successfully
    libSAML2:02/17/2017 03:54:47:470 PM UTC: Thread[http-nio-8080-exec-10,5,main]: TransactionId[4d05dc6b-22b0-4759-9cfa-9415648f8ea3-2335]
    SAML2Utils.isRelayStateURLValid(): relayState http://machine.idpproxy.fr:8080/openam/SSORedirect/metaAlias/idp?SAMLRequest=pVRfb9owEH%2Fvp4j8DklIKWABEgNNQ%2Bq2lLA%2B7M1zzqslx%2FZ8Tke%2F%2FexAGa0qKtHX8%2Fnu98%2BeImuUpYvWP%2BgN%2FGkBfZLsGqWRdicz0jpNDUOJVLMGkHpOq8XXWzroZ9Q64w03ilytVzOCAz4WRcEncDNkk7q4mQguMpbzAUCWCyhYUYx4PRoPSHIPDqXRMxLGkGSN2MJao2fah1KWj3rZoJePtvmQDq%2Fp9egnSVYBmtTMd7cevLc0TRvwzui%2BrG1AsnvqC0fH2ThLjYUANq2q7xuopQPuYytbKMkwDd0k%2BWwch471jAimECKIkiHKRzhWygO9T1LXUv8%2Br8WvfRPSL9tt2Vs4LwXjniQLRHAR9dJobBtwFbhHyeHH5vY1D7SvGTzfOYGPlsyvptEc2snmTuw6j5A9IyHzd%2FZO05P5h22WfgsT16vSKMmfLglJFL1h%2Fnx3rMi6J7pW6h3TKEEHHasy7r9rmZJCgntXu6C8Uubv0gHzwVLvWiDzPbGXVI78DvmHustFkN7Dzl%2FCc2kay5zEmFTYxRTM94adDl6q4McGxAfsE8b0w%2FzGKuhz06Show2CcUiVYfnBxLd2HnV4k%2FJRkIobGyJ9iQRlfI9L03bvOQY2fTHyf%2BH055n%2FAw%3D%3D&requestID=s252cb214992af95e51775faf25b049cb3fc9fddf9 for role IDPRole was valid? false

    Here is my architecture:
    SP (machinea.sp.fr:8080/openam)
    |
    IdP Proxy (machine.idpproxy.fr:8080/openam)
    |
    IdP Client 1 (client.idp.fr:8080/openam)

    Do you think is a mistake from me ?

    Thank you !

    Anwar

    #15865
    Profile photo of Scott Heger Scott Heger 
    Participant

    According to https://bugster.forgerock.org/jira/browse/OPENAM-10194 you should write your own idpfinderError.html file.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your username and password

Lost your password?

Forgot your details?