I encountered a scenario last week where I logged the user into ISAM using an AD short name, but needed to use the email address as the SAML Principal name when logging into an external service (e.g. Pager Duty). The user's email address was populated as an attribute in Active Directory, and ISAM will automatically pull...
TFIM SAML 2.0 Federation URL
I am making this post as much as a note to myself as for others. This URL will avoid using the Alias service, and initiate an HTTPPost SAML flow.
Sample Federation URL:
https://<idpHost>/FIM/sps/<federationname>/saml20/logininitial?RequestBinding=HTTPPost&ResponseBinding=HTTPPost&NameIdFormat=Email&PartnerId=<ID for partner>
Here are some additional notes from the IBM Knowledge Center:
http://www-01.ibm.com/support/knowledgecenter/SSZSXU_6.2.2.6/com.ibm.tivoli.fim.doc_6226/admin/concept/handlingunspecifiednameid.html
Federated Identity Manager RequestSecurityToken NullPointerException
When using IBM Security Federated Identity Manager (TFIM) for an LTPA junction, I ran into a NullPointerException.
STSLTPATokenM 3 com.tivoli.am.fim.trustserver.sts.modules.STSLTPATokenModule consumeSTSUniversalUser Adding attribute to userMap: AZN_CRED_PRINCIPAL_UUID:[e57142ba-37c7-11e2-935f-c0a82f84aa77]
STSLTPATokenM 3 com.tivoli.am.fim.trustserver.sts.modules.STSLTPATokenModule consumeSTSUniversalUser Adding attribute to userMap: AZN_CRED_VERSION:[0x00000611]
STSLTPATokenM 3 com.tivoli.am.fim.trustserver.sts.modules.STSLTPATokenModule consumeSTSUniversalUser Adding attribute to userMap: AZN_CRED_AUTH_METHOD:[password]
STSLTPATokenM 3 com.tivoli.am.fim.trustserver.sts.modules.STSLTPATokenModule consumeSTSUniversalUser...
WSSMToken Consumer not found
Using IBM Security Federated Identity Manager (TFIM), I ran into some errors following the guide in the WSSM Web services security installation guide for the echo service application. Whenever I started either the application or the client, I got an error similar to that below:
[9/20/12 18:01:14:500 EST] 0000003b ConfigUtil E WSEC5007E: Class "com.tivoli.am.fim.wssm.tokenconsumers.WSSMTokenConsumer" not...