验证是否已在 AIQUM 中成功设置 SAML
适用场景
- Active IQ Unified Manager (AIQUM)
- 安全断言标记语言(SAML)
问题描述
确定是否已在Active Directory联合身份验证服务(ADFS)和AIQUM之间正确设置SAML身份验证
-
使用SSO从Idp服务器成功登录到UM服务器
Web UI错误:
无错误
日志:ocumserver.log
2020-11-17 14:25:17,558 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url https://adfs2/federationmetadata/200...onmetadata.xml passed basic validation
2020-11-17 14:25:17,574 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url value https://adfs2/federationmetadata/200...onmetadata.xml saved in global option
2020-11-17 14:25:18,474 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Update MFA: Restarting UM services身份验证:
2020-11-17 15:27:41,946 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] Parsing out the LDAP attributes from the SAML response
2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] LDAP Group Info from the SAML assertion: [Domain Admins, Domain Users, Insight_admin, ocigroup, ocioperator, Informix-Admin]
2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] Parsed attribute values from the SAML assertion: userName : domain_user_name, nameId : domain_user_name日志:audit.log
Nov 17 14:25:17 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option saml.idp.metadata.access.url value changed from null to https://adfs/federationmetadata/2007...onmetadata.xml
Nov 17 14:25:18 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option mfa.enabled value changed from null to true
Nov 17 14:25:18 [:INFO]:umadmin:WEB:in:[10.216.25.133]::Update MFA: Restarting UM services
追加信息