Verifying whether SAML setup succeeded in AIQUM
Environment
- Active IQ Unified Manager (AIQUM)
- Security Assertion Markup Language (SAML)
Description
Verify that SAML authentication is configured correctly between Active Directory Federation Services (ADFS) and AIQUM.
- Logged on to the UM server using SSO from the IdP server
Web UI error:
No error
Log: ocumserver.log
2020-11-17 14:25:17,558 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url https://adfs2/federationmetadata/200...onmetadata.xml passed basic validation
2020-11-17 14:25:17,574 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url value https://adfs2/federationmetadata/200...onmetadata.xml saved in global option
2020-11-17 14:25:18,474 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Update MFA: Restarting UM services
Authentication:
2020-11-17 15:27:41,946 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] Parsing out the LDAP attributes from the SAML response
2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] LDAP Group Info from the SAML assertion: [Domain Admins, Domain Users, Insight_admin, ocigroup, ocioperator, Informix-Admin]
2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] Parsed attribute values from the SAML assertion: userName : domain_user_name, nameId : domain_user_name
Log: audit.log
Nov 17 14:25:17 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option saml.idp.metadata.access.url value changed from null to https://adfs/federationmetadata/2007...onmetadata.xml
Nov 17 14:25:18 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option mfa.enabled value changed from null to true
Nov 17 14:25:18 [:INFO]:umadmin:WEB:in:[10.216.25.133]::Update MFA: Restarting UM services
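An added example, not part of the original article or of NetApp's tooling: a Python check that looks for the success markers shown in the excerpts above in ocumserver.log and audit.log, and extracts the user name and group list carried in the assertion so they can be compared with the intended role mapping. The function and variable names are assumptions; the sample lines are copied from this page, with the truncated URLs kept as shown.

```python
import re

# Markers taken from the message text of the log excerpts on this page.
OCUM_CHECKS = {
    "metadata_validated": re.compile(r"Enable MFA: public url \S+ passed basic validation"),
    "metadata_saved": re.compile(r"Enable MFA: public url value \S+ saved in global option"),
    "services_restarted": re.compile(r"Update MFA: Restarting UM services"),
    "assertion_parsed": re.compile(r"Parsed attribute values from the SAML assertion"),
}
AUDIT_CHECKS = {
    "audit_idp_url_set": re.compile(r"Option saml\.idp\.metadata\.access\.url value changed from \S+ to \S+"),
    "audit_mfa_enabled": re.compile(r"Option mfa\.enabled value changed from \S+ to true"),
}
GROUPS = re.compile(r"LDAP Group Info from the SAML assertion: \[(.*?)\]")
USER = re.compile(r"userName : (\S+?),")


def check_saml_setup(ocum_lines, audit_lines):
    """Return which setup/login markers were seen, plus the asserted user and groups."""
    result = {name: False for name in (*OCUM_CHECKS, *AUDIT_CHECKS)}
    result.update(user=None, groups=[])
    for checks, lines in ((OCUM_CHECKS, ocum_lines), (AUDIT_CHECKS, audit_lines)):
        for line in lines:
            for name, pattern in checks.items():
                if pattern.search(line):
                    result[name] = True
            if (m := GROUPS.search(line)):
                result["groups"] = [g.strip() for g in m.group(1).split(",")]
            if (m := USER.search(line)):
                result["user"] = m.group(1)
    return result


# Sample input: lines copied from the excerpts above (truncated URLs kept as shown).
OCUM_SAMPLE = [
    "2020-11-17 14:25:17,558 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url https://adfs2/federationmetadata/200...onmetadata.xml passed basic validation",
    "2020-11-17 14:25:17,574 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Enable MFA: public url value https://adfs2/federationmetadata/200...onmetadata.xml saved in global option",
    "2020-11-17 14:25:18,474 INFO [umadmin] [default task-2121] [service.mfa.SAMLIdpMetadataAccessService|saveMetadataDetails] [com.netapp.dfm.impl.mfa.MfaUtils] Update MFA: Restarting UM services",
    "2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] LDAP Group Info from the SAML assertion: [Domain Admins, Domain Users, Insight_admin, ocigroup, ocioperator, Informix-Admin]",
    "2020-11-17 15:27:41,947 INFO [oncommand] [default task-39] [c.n.d.c.a.SSOUserDetailsService] Parsed attribute values from the SAML assertion: userName : domain_user_name, nameId : domain_user_name",
]
AUDIT_SAMPLE = [
    "Nov 17 14:25:17 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option saml.idp.metadata.access.url value changed from null to https://adfs/federationmetadata/2007...onmetadata.xml",
    "Nov 17 14:25:18 [:INFO]:umadmin:WEB:action:[10.216.25.133]::Option mfa.enabled value changed from null to true",
]

if __name__ == "__main__":
    for key, value in check_saml_setup(OCUM_SAMPLE, AUDIT_SAMPLE).items():
        print(f"{key}: {value}")
```

A flag left False points at the stage to investigate: the setup markers come from the configuration change, while `assertion_parsed`, `user` and `groups` appear only after an SSO logon has actually been performed.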