Thursday, April 25, 2019

Tips: Azure AD B2B user UserPrincipalName (UPN) update


Trying to update the UserPrincipalName (UPN) of a B2B user to some public-domain email address in an Azure AD tenant results in the error message below.

Error message - "Property userPrincipalName is invalid"


Make sure to create or update the user UPN only with domain names that are verified in the Azure AD tenant.

Siva Pokuri.
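
One way to check the UPN suffix before attempting the update, as an added example that is not part of the original post. The function names are hypothetical, the domain names and UPNs are constructed, and live use assumes the AzureAD PowerShell module with an existing `Connect-AzureAD` session.

```powershell
# Added example. The offline section at the bottom needs no tenant connection.

function Test-UpnDomainVerified {
    # True only when the UPN has the form local@domain and the domain is in the list.
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$VerifiedDomains
    )
    $parts = $UserPrincipalName.Split('@')
    if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) { return $false }
    # -contains compares strings case-insensitively, which suits domain names.
    return ($VerifiedDomains -contains $parts[1])
}

function Set-UpnIfDomainVerified {
    # Hypothetical wrapper: reads the tenant's verified domains, then updates the UPN.
    param(
        [Parameter(Mandatory)][string]$ObjectId,
        [Parameter(Mandatory)][string]$NewUpn
    )
    $verified = @(Get-AzureADDomain | Where-Object { $_.IsVerified } |
                  ForEach-Object { $_.Name })
    if (-not (Test-UpnDomainVerified -UserPrincipalName $NewUpn -VerifiedDomains $verified)) {
        throw "UPN suffix of '$NewUpn' is not a verified domain. Verified: $($verified -join ', ')"
    }
    Set-AzureADUser -ObjectId $ObjectId -UserPrincipalName $NewUpn
}

# Offline check against a constructed domain list (not real tenant data).
$sampleDomains = @('contoso.example', 'contoso.onmicrosoft.com')
$sampleUpns = 'guest@contoso.example', 'guest@CONTOSO.example',
              'guest@publicmail.example', 'no-at-sign'
foreach ($upn in $sampleUpns) {
    $ok = Test-UpnDomainVerified -UserPrincipalName $upn -VerifiedDomains $sampleDomains
    '{0,-28} {1}' -f $upn, $ok
}

# Live use, with a placeholder object ID:
# Set-UpnIfDomainVerified -ObjectId '<user-object-id>' -NewUpn 'guest@contoso.example'
```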

Monday, March 25, 2019

Service providers and identity providers

Identity federation standards identify two operational roles in an SSO transaction:

  1. Identity provider (IdP)
  2. Service provider (SP).

An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure access to the Web-based applications or services of customers, suppliers, and business partners.

An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP.

The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.


Sunday, January 20, 2019

Ping Access internet proxy setting to access token provider

This kind of setup is often needed, especially when Ping Access is deployed internally and the token provider, such as PingFederate or Azure AD, is in the cloud.

In this kind of setup, Ping Access needs secure internet access in order to register the token provider.

First, register the internet proxy IP and port number (provide credentials if the proxy needs authentication) in the Ping Access Administration console under Settings >> Networking >> Proxies.

Next, add the created proxy instance to the Administration and replica Administration nodes and to all the engine nodes (in a multi-node cluster setup). In a standalone setup, adding it to the Primary Administration node is enough.

Siva Pokuri

Thursday, January 17, 2019

The AccessGate is unable to contact any Access Servers."#011raw_code^301#011

Error: The AccessGate is unable to contact any Access Servers."#011raw_code^301#011

Version: OAM and later

Work Around:

  1. Go into oamconsole, modify the WebGate profile for the first agent (maybe decrease the Cache Timeout by a second), and save it.
  2. Download the WebGate artifacts.
  3. Copy the artifacts from the OAM server directory to the appropriate directories for the correct WebGate.
  4. Restart the web server instance on which the WebGate is running.