• Votes

    1

    Add Mutual TLS Profile for OAuth 2.0

    An important French NAM customer has the following use-case: The need that arises is to be able to authenticate a client application (not a user) to the OAUTH2 IdP by ...

  • Votes

    2

    Inject unencrypted JWT tokens

    Detailed description: Currently NAM can only inject encrypted JWT tokens via Identity Injection policies even though the resource server you select is set to NOT encrypt ...

  • Votes

    2

    Signing cert per Resource Server in OAUTH/OIDC

    Issue: Currently NAM supports a single signing cert which is used to sign all JWT tokens with. This is a poor security design as all token consumers/clients etc that ...

  • Planned

    7

    Support multi-tenancy AA setups with NAM

    There is currently no way to support AA multi tenancy in Access Manager. If you integrate AA with NAM only the top tenant in AA can be used by NAM. Therefore you need a ...

  • Votes

    7

    Allow Branding/Customization of NAM skin in iMgr

    Sometimes an admin may have multiple NAM iMgr instances open for multiple NAM instances. It is easy to make a config change to Prod by mistake when the admin thinks ...

  • Votes

    2

    Configurable defaults by admin pertaining to tile view style in the ...

    Depending on the verbiage length of tiles in the portal, certain view styles may be more suitable than others. Although customers can set it themselves but it's more ...

  • Votes

    3

    Allow Risk Based Authentication (RBA) call a contract

    Today only a method or class can be called by an RBA policy which works fine, but calling a contract would add even more flexibility and usefulness to RBA to take ...

  • Votes

    3

    Bring-Your-Own Cloud App Vendor Test Space

    We engage many small cloud application vendors who don't know how to configure SAML authentication for their application. So I send them links to the OneLogin SAML tools ...

  • Votes

    2

    WSFed: Sharepoint Hosted Apps - SP entityIDs with wildcards

    ADFS allows Wildcards in entity IDs, so the randomly generated entity ID of Sharepoint-Apps can be federated using a wildcard as shown in: ...

  • Votes

    2

    Let users re-enroll TOTP device

    If a user is enrolled with TOTP device and for some (not uncommon) reason needs to re-enroll with a new device, an administrator with access needs to clear the TOTP ...

  • Votes

    3

    OAuth: OpenID Token with claims

    As per Specification it's allowed to use claims within the OIDC token. But currently only the OAuth userinfo-token is populated with attributes from scopes. It should be ...

  • Votes

    2

    Backend Application server Health check by NAM

    As of now: As of now we poll for availability of the IP and port availability of the web server. Proposed solution: For the backend webserver custom health check ...

  • Votes

    1

    Support for both soap 1.1 and 1.2 for WS-Trust STS services on the ...

    It is not possible to have both on the same instance of NAM. https://www.netiq.com/documentation/netiqaccessmanager4/identityserverhelp/data/ws-trust_usecases.html This ...

  • Votes

    6

    Need ability to brand/customise Identity Server Portal page

    The portal is a binary downloaded to the client - there's no way an administrator can change this (branding/colours). Would be nice if we documented how to do this, or ...

  • Votes

    3

    Additional signing certificate for identity provider

    NAM 4.4 has a new feature for second signing certificate to a trusted service provider. In the same way, the identity provider also requires this feature. Possible to ...

  • Votes

    2

    Permit to have openID authentication on REST web service datasource ...

    Since NAM 4.4 it is possible to add a REST web service data source. This is a really useful feature but it is lacking an authentication possibility. For now, it is only ...

  • Votes

    1

    Embed High Availability / Fault Tolerance clustering natively

    At present Access Manager clustering works only with a Layer 4 switch, or with software load balancer. I have set it up in the past using a pair of Linux servers in ...

  • Votes

    6

    Add choice of contract for OIDC as is the case for SAML

    As is the case of SAML, where you can choose from a list of contracts, THE NEW: it should also be possible for OIDC to choose from a list of contracts in the admin ...

  • Votes

    7

    Add evaluation of HTTP header or IP address to obtain user location to ...

    We can already use Risk based policies to determine whether a user is coming from the Intranet or the Internet. But currently we cannot pass this information along, ...

  • Votes

    3

    Allow authentication methods successfully performed during MFA to ...

    Consider if I have 2 contracts, C1 and C2, C1 having 2 methods M1 and M2, and C2 having a single method of M1. If I perform C1 and both methods successfully complete and ...