This post explains the implementation details around achieving IWA authentication for IIS 7.5 using OAM 10.1.4.3. Refer to the list of supported / available webgates for respective IIS version and OS version here. We’ve used Windows 2008 R2 64-bit, IIS 7.5 in our environment. It is assumed that WebGate instances, Host Identifiers, Authentication Schemes and […]
Read MoreThis is continuation to OVD 11g experience related posts. Please refer the earlier posts here. Usually when you are searching an user/group in LDAP we would apply filters. Here are few examples: (objectclass=person) (&(objectclass=user)(objectclass=inetorgperson)) (|(mail=*@myorg.com)(uid=*@myorg.com)(sn=*)(givenname=*)(cn=*)) (&(|(uid=*)(cn=*))(sn=*)) While you’re creating an LDAP Adapter, OVD provides an easy option to add these filters. In the specific Adapter, […]
Read MoreThis is a continuation to OVD 11g implementation experiences. Please refer to my previous post for LSA adapter implementation. We are using AD adapters underneath LSA adapter. There are list of attributes that needs to be returned as part LDAP search query for both AD Users and Groups. By default OVD will return all the […]
Read MoreI’ve had the opportunity to work on OVD 11.1.1.7 recently and I would like to share couple of experiences. First comes first Local Store Adapter. Why we need this? The requirement is to provide unified view of two different Active Directories (it could be of any other LDAP). I’ve created 2 AD Adapters and to […]
Read MoreI would like to share my experience with strange issue that encountered in our OIF production environment. We are using OIF 11.1.1.5 in cluster mode. OIF is using OVD as user store which is talking to AD underneath. OIF is also using DB for Federation and configuration data stores. We are acting as Identity Provider […]
Read MoreThis is in continuation to Fedlet series. Configuration of logging in Fedlet is fairly simple. By default warning mode is set for logging. To enable debug mode which is called as message mode in Fedlet, edit the FederationConfig.properties present under fedlet configuration directory. Look for below lines com.iplanet.services.debug.level=warning com.iplanet.services.debug.directory=@FEDLET_HOME@/debug Change the debug level to message. […]
Read MoreThis is in continuation of my previous post. idp.xml: This is the Identity provider metadata file. Don’t modify this file while placing it in fedlet configuration directory. idp-extended.xml: This file is generated by Fedlet by default. Copy the entityID from idp.xml to idp-extended.xml. fedlet.cot: This is the circle of trust file. This signifies what all […]
Read MoreThis is in continuation of series of posts on exploring Fedlet. Check my previous posts for setup, use cases. I will explain various configuration files in a fedlet instance and its significance. Once the fedlet is setup, you will find all configuration files under feldet configuration directory. In any environment, by default the fedlet instance […]
Read MoreI was working on federation with IDP as custom solution and SP as fedlet. The SAML authentication request and SAML response was generated successfully. However while validating the SAML response by Fedlet, it was throwing the below error in the browser. Upon looking at libSAML2 debug file I could see 2 exceptions in the logs […]
Read MoreThis post covers the setup of Fedlet in a linux platform. To know the basics of fedlet, go through the previous posts, Basics and use case. Fedlet can be downloaded from OTN. The fedlet classes were built on JDK6 and hence JDK6 has to be used in your environment. Fedlet will be deployed in an […]
Read More