single sign on - OpenAM and ArcGIS -

-

i log arcgis portal open am. have follow arcgis documentation : http://doc.arcgis.com/en/arcgis-online/reference/configure-openam.htm when ssoredirect have folling error :

    libsaml2:11/14/2014 05:14:52:570 pm cet: thread[http-8080-1,5,main]     **********************************************     libsaml2:11/14/2014 05:14:52:569 pm cet: thread[http-8080-1,5,main]     error: idpssofederate.dossofederate: unable sso or federation.     com.sun.identity.saml2.common.saml2exception: impossible de générer une valeur nameid.         @ com.sun.identity.saml2.plugins.defaultidpaccountmapper.getnameid(defaultidpaccountmapper.java:143)         @ com.sun.identity.saml2.profile.idpssoutil.getsubject(idpssoutil.java:1512)         @ com.sun.identity.saml2.profile.idpssoutil.getassertion(idpssoutil.java:912)         @ com.sun.identity.saml2.profile.idpssoutil.getresponse(idpssoutil.java:730)         @ com.sun.identity.saml2.profile.idpssoutil.sendresponsetoacs(idpssoutil.java:422)         @ com.sun.identity.saml2.profile.idpssofederate.dossofederate(idpssofederate.java:1071)         @ com.sun.identity.saml2.profile.idpssofederate.dossofederate(idpssofederate.java:129)         @ org.apache.jsp.saml2.jsp.idpssofederate_jsp._jspservice(idpssofederate_jsp.java:114)         @ org.apache.jasper.runtime.httpjspbase.service(httpjspbase.java:70)         @ javax.servlet.http.httpservlet.service(httpservlet.java:723)         @ org.apache.jasper.servlet.jspservletwrapper.service(jspservletwrapper.java:388)         @ org.apache.jasper.servlet.jspservlet.servicejspfile(jspservlet.java:313)         @ org.apache.jasper.servlet.jspservlet.service(jspservlet.java:260)         @ javax.servlet.http.httpservlet.service(httpservlet.java:723)         @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:290)         @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)         @ org.apache.catalina.core.applicationdispatcher.invoke(applicationdispatcher.java:646)         @ org.apache.catalina.core.applicationdispatcher.processrequest(applicationdispatcher.java:436)         @ org.apache.catalina.core.applicationdispatcher.doforward(applicationdispatcher.java:374)         @ org.apache.catalina.core.applicationdispatcher.forward(applicationdispatcher.java:302)         @ com.sun.identity.authentication.ui.loginviewbean.forwardto(loginviewbean.java:640)         @ com.iplanet.jato.applicationservletbase.dispatchrequest(applicationservletbase.java:981)         @ com.iplanet.jato.applicationservletbase.processrequest(applicationservletbase.java:615)         @ com.iplanet.jato.applicationservletbase.dopost(applicationservletbase.java:473)         @ javax.servlet.http.httpservlet.service(httpservlet.java:643)         @ javax.servlet.http.httpservlet.service(httpservlet.java:723)         @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:290)         @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)         @ org.forgerock.openam.validation.responsevalidationfilter.dofilter(responsevalidationfilter.java:44)         @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:235)         @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)         @ org.forgerock.openam.xui.xuifilter.dofilter(xuifilter.java:113)         @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:235)         @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)         @ com.sun.identity.setup.amsetupfilter.dofilter(amsetupfilter.java:98)         @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:235)         @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)         @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:233)         @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:191)         @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:127)         @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:103)         @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:109)         @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:293)         @ org.apache.coyote.http11.http11aprprocessor.process(http11aprprocessor.java:879)         @ org.apache.coyote.http11.http11aprprotocol$http11connectionhandler.process(http11aprprotocol.java:617)         @ org.apache.tomcat.util.net.aprendpoint$worker.run(aprendpoint.java:1774)         @ java.lang.thread.run(unknown source)

i think have miss nameid. idea how configure ? thx !

the reason "unable generate nameid value" error, trying create assertion non-persistent & non-transient nameid-format. in cases openam not know value use nameid element, need set nameid value map on hosted idp's configuration pages.

with nameid value mapping can assign given attribute value user's entry <nameid> element actual nameid-format.

for example following mapping:

urn:oasis:names:tc:saml:1.1:nameid-format:unspecified=uid

whenever there incoming authnrequest requests unspecified nameid-format, returned assertion contain nameid value similar this:

<saml:nameid format="urn:oasis:names:tc:saml:1.1:nameid-format:unspecified">demo</saml:nameid>

where "demo" logged in user's uid attribute's value.


Comments

Post a Comment

Popular posts from this blog

c++ - QTextObjectInterface with Qml TextEdit (QQuickTextEdit) -

-
i registred handler simple qtextobjectinterface , draws 10x10 red rectangle. when used qtextedit in normal qwidget app, worked. when used qquicktextedit (textedit qml component) in qt quick app, doesn't worked (nothing drawed, rectangle in textedit reserved, because when change cursor position, notice there something, empty space, nothing drawed. qtextobjectinterface intrinsicsize method called (that explains why see there empty space 10x10), drawobject method isn't. i did research , found problem here: qquicktextedit.cpp qt 5.3.0 sources (line 1821) qsgnode *qquicktextedit::updatepaintnode(qsgnode *oldnode, updatepaintnodedata *updatepaintnodedata) { . . . if (textframe->firstposition() > textframe->lastposition() && textframe->frameformat().position() != qtextframeformat::inflow) { updatenodetransform(node, d->document->documentlayout()->frameboundingrect(textframe).topleft()); c...
Read more

javascript - angular ng-required radio button not toggling required off in firefox 33, OK in chrome -

-
i trying toggle required attribute on radio button using angular show html5 popup. i cannot following code function correctly in firefox 33. function correctly in chrome. required property being toggled via checkbox value, in firefox, when set false radio button still acts required , shows html5 required popup. see plnkr below example doesn't work me in ff 33. <!doctype html> <html> <head> <script data-require="angular.js@*" data-semver="1.3.1" src="//code.angularjs.org/1.3.1/angular.js"></script> <link href="style.css" rel="stylesheet" /> <script src="script.js"></script> </head> <body ng-app="myapp"> <script> angular.module('myapp',[]) .controller('mycontroller',['$scope',function($scope) { $scope.foorequired=true; $scope.submitform = function() { $scope.submitmessage = ...
Read more

xcode - Swift Playground - Files are not readable -

-
Image
files not readable in swift playground . how make files readable? same code runs on xcode terminal app, fails on swift playground. demo code below. import foundation println("hello, world!") var fname:string = "/users/holyfield/desktop/com.apple.iconcomposer.plist" var fm:nsfilemanager = nsfilemanager.defaultmanager() if(fm.fileexistsatpath(fname)){ println("file exists") if(fm.isreadablefileatpath(fname)){ println("file readable") var fd:nsdata? = nsdata(contentsoffile: fname) println(fd?.length) let pl = nsdictionary(contentsoffile: fname) println(pl?.count) println(pl?.allkeys) }else{ println("file not readable") } } else{ println("file not exists") } sample images: i have thank nate cook first quick response , solid answer. just case share answer post, title misleading. see nate's answer here: https://stackoverf...
Read more