saml.ap.custid usage problem
Problem
After completing registration, the transfer to the application might fail, and the UI complains about authorization. The Ubisecure SSO diagnostics log shows:
2014-10-08 10:05:33,982 identity UnregisteredIdentityFactory.createIdentities():
Identity[UNREGISTERED&saml.ap.custid&<saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="https://xxxxxx" SPNameQualifier="https://xxxxxx">
cn=f5e83218-91be4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM Users,
cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>]
2014-10-08 10:05:33,982 identity X509IdentityFactory.createIdentities(): invalid
NameQualifier: <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="https://xxxxxx"
SPNameQualifier="https://xxxxxx/uas/saml2/names/ac/saml.ap.custid">cn=f5e83218-
91be-4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM
Users,cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>
2014-10-08 10:05:33,982 identity UbiloginIdentityFactory:
Identity[UNREGISTERED&saml.ap.custid&<saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="https://xxxxxx/eidm2"
SPNameQualifier="https://xxxxxx/uas/saml2/names/ac/saml.ap.custid">cn=f5e83218-
91be-4baa-9072-3cd3abc09c8a,ou=all_users,ou=eIDM
Users,cn=Ubilogin,dc=sso,dc=lab,dc=company,dc=fi</saml:NameID>]
Solution
The saml.ap.custid method needs to be configured differently from the default.
If Ubisecure Directory is in use:
CustomerID Auth Provider NameQualifier value:
set ldap:///
If Active Directory is in use:
CustomerID Auth Provider NameQualifier value:
set ldaps://ad.local/ou=Ubilogin,c=fi,etc.
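To find which log entries still carry a non-LDAP NameQualifier, the diagnostics log can be scanned with a short script. This is an added example, not Ubisecure code; the sample log is constructed, sso.example.test is a placeholder host, and the check assumes a NameQualifier set as described above starts with ldap:// or ldaps://.

```python
import re

# Constructed sample in the shape of the entries above; sso.example.test is a placeholder.
SAMPLE_LOG = """\
2014-10-08 10:05:33,982 identity X509IdentityFactory.createIdentities(): invalid
NameQualifier: <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="https://sso.example.test"
SPNameQualifier="https://sso.example.test/uas/saml2/names/ac/saml.ap.custid">cn=test-user,
ou=all_users,cn=Ubilogin,dc=example,dc=test</saml:NameID>
2014-10-08 10:07:12,101 identity UbiloginIdentityFactory:
Identity[UNREGISTERED&saml.ap.custid&<saml:NameID
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
NameQualifier="ldap:///"
SPNameQualifier="https://sso.example.test/uas/saml2/names/ac/saml.ap.custid">cn=test-user,
ou=all_users,cn=Ubilogin,dc=example,dc=test</saml:NameID>]
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) identity (\w+)", re.M)
NAMEID_TAG = re.compile(r"<saml:NameID\b([^>]*)>", re.S)
ATTR = re.compile(r'([\w:]+)="([^"]*)"')

def audit_name_qualifiers(log_text):
    """Return one finding per log entry that carries a saml:NameID."""
    heads = list(ENTRY.finditer(log_text))
    findings = []
    for i, head in enumerate(heads):
        # An entry runs from its timestamp to the next one; it wraps over several lines.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        body = log_text[head.start():end]
        tag = NAMEID_TAG.search(body)
        if tag is None:
            continue
        attrs = dict(ATTR.findall(tag.group(1)))
        qualifier = attrs.get("NameQualifier", "")
        preamble = " ".join(body[:tag.start()].split())  # undo the line wrap
        findings.append({
            "time": head.group(1),
            "factory": head.group(2),
            "rejected": "invalid NameQualifier" in preamble,
            "name_qualifier": qualifier,
            "sp_name_qualifier": attrs.get("SPNameQualifier", ""),
            # Assumption: a value configured per the Solution is an LDAP URL.
            "is_ldap_url": qualifier.lower().startswith(("ldap://", "ldaps://")),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_name_qualifiers(SAMPLE_LOG):
        print(finding)
```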