i can report a successful (and fairly simple) integration with Novell Access Manager (NAM) IDP with SAML2 HTTP POST binding WEB-SSO SAML2 profile.
Just found two minor issue:
It is not possible in the interface to set the ‘AuthnContextClassRef’ parameter of the simplesaml PHP authentication core; the parameter is required as the authentication page / authentication method can be differentiated at the IDP side and so the SP must dictate the login method (in our case we autenticated with kerberos ticket and so set this to urn:oasis:names:tc:SAML:2.0:ac:classes:WP-Kerberos) [please note that the saml standard actually allow you to define custom AuthContextClass]
The group mapping does have support only for a single value, we changed the mask to accept a ; separated list of groups as a large number of groups needs to be mapped in the various WP internal group.
Please, revise and evaluate this fix in order to improve this plugin.
- The topic ‘Success integration with Novell Access Manager’ is closed to new replies.