MyTechReference - Technical Notes


by IDAMGroup

NetIQ Access Manager SSO with SuccessFactors

I am going to show how the SuccessFactors application is integrated with Novell Access Manager using the SAML2.0 federation protocol. Novell Access Manager will be configured as the Identity Provider and SuccessFactors as the Service Provider.

The SuccessFactors integration will be IdP-initiated web SSO: the user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors and is prompted for authentication. Once authentication is successful, the user is redirected to the SuccessFactors Home/Target page.

  • NAM Version : 3.2 IR1
  • OS : Sles 1 SP2 64bit

IdP Initiated SSO Flow

  1. The user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors
  2. The Identity Provider prompts for authentication.
  3. The user enters the credentials.
  4. On successful authentication, the Identity Provider sends a SAML Response with an Assertion containing the user's email address to the Service Provider (SuccessFactors).
  5. Concur validates the SAML Assertion against its user store.
  6. Once the validation is successful, it redirects to the Concur home page.

What to get from Service Provider

  • SuccessFactors Metadata URL
  • Trusted root Certificate
  • SuccessFactors landing/target page

What to give

  • NAM Metadata (https://login.mytechreference.com/nidp/saml2/metadata)
  • NAM trusted root (export the trusted root of http://login.mytechreference.com)

Below are the steps required to configure SAML2.0 federation with the Concur application.

  1. Configure the Shared Attribute
  2. Create SAML2.0 Service Provider
    • Select the Attributes to send along with authentication
    • Select Authentication response
    • Configure the Inter site Transfer URL

Shared Attribute

  • Create an attribute set that will be shared with the Service Provider

Identity Servers–>Shared Settings

Name: Successfactors

  • Click New and create the “employeeNumber” attribute, which will be shared with the Concur application
  • Click OK and update the Identity Server

Create Service Provider

  • Identity Servers–> Edit–>SAML2.0–>Trusted Providers–>Service Provider

Select Source as Metadata URL and provide the below details

Name: SuccessFactors

URL: https://successfactor-stage.plateau.com/learning/plateau.sso/Metadata

Note: This is just an example URL

  • Import the server signing certificate, click Next and finish the configuration
  • Now select the newly created Service Provider (SuccessFactors)
  • Click the Attribute tab, select the attribute set “Successfactors” and move the employeeNumber attribute to “Send with authentication”
  • Click the Authentication Response tab, select “POST” as the Binding, then select Unspecified and make it the Default value
  • Click the Intersite Transfer Service tab and provide the following details

ID: SuccessFactors
Target: https://Successfactors-stage.plateau.com/learning/user/ssoLogin.do

  • Click OK and update the Identity Servers

Now access the IdP-initiated URL: https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors

NetIQ Access Manager prompts you for the password, and once authentication is successful it redirects to the Intersite Transfer Service URL https://login.mytechreference.com/nidp/saml2/idpsend?id=SuccessFactors.

It supports SP-initiated SSO as well.
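
To confirm the settings above took effect, the SAMLResponse form value that the Identity Server POSTs during a test login can be decoded and checked for the Unspecified NameID format, the expected audience and the employeeNumber attribute. The script below is an added example, not part of the original post or of NetIQ's tooling; inspect_response, the sp.example.com audience and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample response (not captured from a real system); values are placeholders.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sp.example.com/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="employeeNumber">
   <saml:AttributeValue>10042</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_response(saml_response_b64, expected_audience, required_attrs):
    """Return a list of findings for a POST-binding SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion (encrypted or missing)"]
    # Presence check only; cryptographic signature verification is the SP's job.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        findings.append("neither Response nor Assertion is signed")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != UNSPECIFIED:
        findings.append("NameID format is not Unspecified")
    audiences = [e.text for e in assertion.findall(".//a:Audience", NS)]
    if expected_audience not in audiences:
        findings.append(f"audience {expected_audience!r} not in {audiences}")
    sent = {e.get("Name") for e in assertion.findall(".//a:Attribute", NS)}
    for attr in sorted(set(required_attrs) - sent):
        findings.append(f"attribute {attr!r} missing")
    return findings


if __name__ == "__main__":
    for f in inspect_response(SAMPLE_B64, "https://sp.example.com/metadata", ["employeeNumber"]):
        print("FINDING:", f)
```

The constructed sample is unsigned, so the script reports the missing signature; a response from a correctly configured Identity Server should produce no findings.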

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.