Just a good feedback on integrating iTop SAML with ForgeRock.
Context :
iTop 3.2.0 -2 + combodo-saml/1.2.1
For the integration part, on the iTop side, all went smoothly, by using the ForgeRock metadata either from a file or from a URL.
On the ForgeRock side, the iTop-generated XML file was OK to integrate when using no encryption. But the integration didn't work with encryption.
My colleague working on the SSO side then found out that, in the XML file that iTop generates, there are two major groups: <ds:Signature></ds:Signature> and <md:SPSSODescriptor></md:SPSSODescriptor>
ForgeRock (at least in version 6) does not use the <ds:Signature></ds:Signature>, so, by removing this whole stanza, the integration was OK on the ForgeRock side, and everything is working on the iTop side :)
Yepee !
Hope this can help other iTop users 😉 (OK, the use case is probably highly specific!)
Pascal
Last edit: schirrms 2025-01-22
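The edit described in the post, as an added example that is not part of the original post and is not iTop or ForgeRock code: a Python sketch that removes the metadata-level <ds:Signature> from an SP metadata document and confirms the <md:SPSSODescriptor> and its key descriptors survive. It assumes the root element is md:EntityDescriptor with the signature as a direct child; the sample XML, entityID and certificate values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Keep the usual md:/ds: prefixes when the document is re-serialized.
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample metadata; all values are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://itop.example.test/sp">
  <ds:Signature><ds:SignedInfo/>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def strip_metadata_signature(xml_text):
    """Return (xml without the metadata signature, number removed, key uses)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected md:EntityDescriptor as the root element")
    # Direct children only: the ds:KeyInfo blocks that carry the SP
    # certificates live deeper in the tree and must stay untouched.
    signatures = root.findall(f"{{{DS}}}Signature")
    for sig in signatures:
        root.remove(sig)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no md:SPSSODescriptor found")
    # A KeyDescriptor without a 'use' attribute serves both purposes.
    uses = sorted(kd.get("use", "both")
                  for kd in sp.findall(f"{{{MD}}}KeyDescriptor"))
    return ET.tostring(root, encoding="unicode"), len(signatures), uses


if __name__ == "__main__":
    cleaned, removed, uses = strip_metadata_signature(SAMPLE)
    print(f"removed {removed} signature(s); key descriptors: {uses}")
    print(cleaned)
```

With the signature gone, nothing in the file itself protects the metadata's integrity, so hand it to the IdP side over a channel you trust.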