We have a customer who only uses the IDP component of NAM and not the
LAGs. They would like to have an entry point into User App 4.0 Password
expiration servlet from this IDP using SAML SSO. The IDP and User App
4.0 share the same eDirectory user store.
The customer currently uses SAML SSO between NAM IDP as an IdP and an
application with Shibboleth SP. They would like to introduce the
password self-service feature into this mix without the necessity of a

I am aware of cool solutions such as 'Important Notice'
but they require a LAG. I am aware of a User App SSO feature where you
can enable NMAS SAML methods and configure Custom SSO provider in
UserApp. I have never configured this and the docs don't say much, would
this be a plausible solution when a LAG is not in the mix. So the steps
would be:
- User with an expired password logs into IDP
-Gets redirected to User App's password exp servlet with a SAML
assertion in the post.
-User App Provider consumes this assertion and lets the user into the
I am ignorant on this provider and its workings, so please pardon any
wild imagination.

It would be great if anyone can shed some light on this. I opened a
Novell SR, but have not gotten much info as they consider this a design
issue and not a tech issue. Also, I was advised to post on the forum and
directed to the same cool solution.

Thanks and look forward to responses!

ssripathy25's Profile: http://forums.novell.com/member.php?userid=40392
View this thread: http://forums.novell.com/showthread.php?t=455681