We think we know the answer to this, but just want to confirm. We're trying to figure out where the AAA action is failing on what amounts to be a relatively complex AAA action.
We have a AAA policy that accepts a SAML Assertion with a signature. When we look at the context variables after the AAA action, we can see the 'var://context/WSM/identity/username' was extracted correctly, but that 'var://context/WSM/identity/authenticated-user' is an empty string.
Does this mean the signature was invalid, i.e., the authentication failed?
Help debugging AAA - authenticated-user vs username
Updated on 2012-12-13T21:42:21Z by kenhygh
Re: Help debugging AAA - authenticated-user vs username
2012-12-13T14:39:34Z
This is the accepted answer.
Not necessarily. The best way to determine if the signature was invalid is to look at the logs from the transaction. Try setting the log level to debug and turning the probe on. You can look at the logs for a single transaction to see if the signature verification succeeded or failed. There are also some context variables available in the context after AAA that hold the output from each step.
Re: Help debugging AAA - authenticated-user vs username
2012-12-13T20:24:05Z
This is the accepted answer.
- SystemAdmin 110000D4XK
- kenhygh 120000PD1B (2437 Posts)