Information leakage with NAM Identity Server and SAML2 Service Provider while using Virtual Attributes (CVE-2017-5190)
This document (7018792) is provided subject to the disclaimer at the end of this document.
NetIQ Access Manager 4.2
Virtual Attributes enabled on Identity Server
NAM Acting as a SAML 2.0 Identity Server
At unpredictable intervals, a user accessing the application on the SAML SP is redirected to the NAM Identity Server to log in. After logging in to the NAM Identity Server, the user is signed on to the SP through SSO but receives a stale profile.
This issue only manifests itself when using virtual attributes.
As a workaround, you can write the virtual attribute value to the LDAP user store and retrieve this attribute from there to inject into the assertion.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7018792
- Creation Date: 11-APR-17
- Modified Date: 13-APR-17
- NetIQ Access Manager (NAM)