saml.ap.custid usage problem

Problem

After completing registration, the transfer to the application might fail, and the UI reports an authorization error. The Ubisecure SSO diagnostics log shows:


2014-10-08 10:05:33,982 identity UnregisteredIdentityFactory.createIdentities(): Identity[UNREGISTERED&saml.ap.custid&<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="https://xxxxxx" SPNameQualifier="https://xxxxxx">cn=f5e83218-91be4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM Users,cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>]
2014-10-08 10:05:33,982 identity X509IdentityFactory.createIdentities(): invalid NameQualifier: <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="https://xxxxxx" SPNameQualifier="https://xxxxxx/uas/saml2/names/ac/saml.ap.custid">cn=f5e83218-91be-4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM Users,cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>
2014-10-08 10:05:33,982 identity UbiloginIdentityFactory: Identity[UNREGISTERED&saml.ap.custid&<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="https://xxxxxx/eidm2" SPNameQualifier="https://xxxxxx/uas/saml2/names/ac/saml.ap.custid">cn=f5e83218-91be-4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM Users,cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>]


Solution

The saml.ap.custid method needs to be configured differently from the default.

If Ubisecure Directory is in use:

CustomerID Auth Provider NameQualifier value:

set ldap:///

If Active Directory is in use:

CustomerID Auth Provider NameQualifier value:

set ldaps://ad.local/ou=Ubilogin,c=fi,etc.
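
To check whether a diagnostics log contains the "invalid NameQualifier" entry shown under Problem, the following added example (not part of the original article and not Ubisecure tooling) extracts the rejected NameID from each such entry. It assumes one log entry per line, and that the last path segment of SPNameQualifier names the method, as in the log above; the sample log, host name and function name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the article's log (host and DN are placeholders).
SAMPLE_LOG = """\
2014-10-08 10:05:33,982 identity X509IdentityFactory.createIdentities(): invalid NameQualifier: <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" NameQualifier="https://sso.example.test" SPNameQualifier="https://sso.example.test/uas/saml2/names/ac/saml.ap.custid">cn=user1,ou=all_users,dc=example,dc=test</saml:NameID>
2014-10-08 10:05:34,101 identity SomeOtherFactory: unrelated entry
"""

# Timestamp, the "identity" category, the reporting factory, then the NameID XML.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) identity "
    r"(?P<source>\S+): invalid NameQualifier: "
    r"(?P<xml><saml:NameID\b.*?</saml:NameID>)"
)

def find_invalid_name_qualifiers(log_text):
    """Return one dict per 'invalid NameQualifier' entry found in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        try:
            name_id = ET.fromstring(m.group("xml"))
        except ET.ParseError:
            continue  # malformed or truncated NameID, skip it
        nq = name_id.get("NameQualifier") or ""
        sp = name_id.get("SPNameQualifier") or ""
        findings.append({
            "timestamp": m.group("ts"),
            "source": m.group("source"),
            "name_qualifier": nq,
            # Assumption: last path segment of SPNameQualifier is the method name.
            "method": sp.rsplit("/", 1)[-1] if sp else None,
            # The article's fix sets an ldap:/// or ldaps:// NameQualifier value.
            "is_ldap_url": nq.startswith(("ldap://", "ldaps://")),
            "subject": (name_id.text or "").strip(),
        })
    return findings

if __name__ == "__main__":
    for f in find_invalid_name_qualifiers(SAMPLE_LOG):
        print(f["timestamp"], f["method"], f["name_qualifier"], f["is_ldap_url"])
```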