by IDAMGroup
NetIQ Access Manager SSO with SuccessFactors
SuccessFactors
I am going to show you how the SuccessFactors application can be integrated with Novell Access Manager using the SAML 2.0 federation protocol. Novell Access Manager will be configured as the Identity Provider and SuccessFactors as the Service Provider.
The SuccessFactors integration uses IdP-initiated web SSO: the user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors and is prompted for authentication. Once authentication succeeds, the user is redirected to the SuccessFactors home/target page.
- NAM Version : 3.2 IR1
- OS : Sles 1 SP2 64bit
IdP Initiated SSO Flow
- The user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors
- The Identity Provider prompts for authentication.
- The user enters the credentials.
- On successful authentication, the Identity Provider sends a SAML Response with an Assertion containing the user's email address to the Service Provider (SuccessFactors).
- The Service Provider validates the SAML Assertion against its user store.
- Once validation succeeds, the user is redirected to the Service Provider's home page.
What to get from Service Provider
- SuccessFactors Metadata URL
- Trusted root Certificate
- SuccessFactors landing/target page
What to give
- NAM Metadata (https://login.mytechreference.com/nidp/saml2/metadata)
- NAM trusted root (export the trusted root of http://login.mytechreference.com)
Below are the steps required to configure SAML 2.0 federation with the Service Provider application.
- Configure the Shared Attribute
- Create SAML2.0 Service Provider
- Select the Attributes to send along with authentication
- Select Authentication response
- Configure the Intersite Transfer URL
Shared Attribute
- Create an attribute set that will be shared with the Service Provider
Identity Servers -> Shared Settings
Name: Successfactors
- Click New and create the “employeeNumber” attribute, which will be shared with the Service Provider
- Click OK and update the Identity Server
Create Service Provider
- Identity Servers -> Edit -> SAML2.0 -> Trusted Providers -> Service Provider
Select Metadata URL as the Source and provide the details below
Name: SuccessFactors
URL: https://successfactor-stage.plateau.com/learning/plateau.sso/Metadata
Note: This is just an example URL
- Import the server signing certificate, click Next, and finish the configuration
- Now select the newly created Service Provider (SuccessFactors)
- Click the Attribute tab, select the attribute set “Successfactors”, and move the employeeNumber attribute to “Send with authentication”.
- Click the Authentication Response tab, select “POST” as the Binding, then select “Unspecified” and make it the default value.
- Click the Intersite Transfer Service tab and provide the following details
ID: SuccessFactors
Target: https://Successfactors-stage.plateau.com/learning/user/ssoLogin.do
- Click OK and update the Identity Servers
Now access the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors
NetIQ Access Manager prompts you for the password and, once authentication succeeds, redirects to the Intersite Transfer Service URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors.
SP-initiated SSO is supported as well.
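Since the Service Provider is created from a metadata URL and its signing certificate is imported into the Identity Server, it helps to review what that metadata declares before trusting it. The Python below is an added example, not part of the original post or of NetIQ's tooling. The sample metadata, the sp.example.com names and the function review_sp_metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # fine for this sample; use a hardened parser on fetched metadata

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: entityID, URLs and "certificate" bytes are placeholders.
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real cert").decode()
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.com/sso">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{CERT_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>{UNSPECIFIED}</md:NameIDFormat>
  <md:AssertionConsumerService index="0" Binding="{POST}"
      Location="https://sp.example.com/sso/acs"/>
  <md:AssertionConsumerService index="1" Binding="{POST}"
      Location="http://sp.example.com/sso/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return what the IdP is about to trust, plus findings to resolve first."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return {"entity_id": root.get("entityID"), "findings": ["no SPSSODescriptor"]}
    findings = []
    # The page configures the POST binding, so only POST endpoints matter here.
    acs = [a.get("Location", "") for a in sp.findall("md:AssertionConsumerService", NS)
           if a.get("Binding") == POST]
    if not acs:
        findings.append("no HTTP-POST AssertionConsumerService")
    findings += [f"ACS not HTTPS: {u}" for u in acs if not u.startswith("https://")]
    formats = [(f.text or "").strip() for f in sp.findall("md:NameIDFormat", NS)]
    if formats and UNSPECIFIED not in formats:
        findings.append("SP does not list the Unspecified NameID format")
    # SHA-256 over the decoded certificate bytes, for out-of-band comparison.
    prints = [hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for kd in sp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")
              for c in kd.findall(".//ds:X509Certificate", NS)]
    if not prints:
        findings.append("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "post_acs": acs,
            "signing_cert_sha256": prints, "findings": findings}
```

Compare the reported fingerprint with the certificate received from the Service Provider through a separate channel before importing it, and resolve any finding first.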
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.