• Votes

    1

    Auditing on IDP and AG with more detail

    Currenlty there is only alerting or syslog sending of NAM changes done for just changes being done. There is no proper auditing showing what was changed by what user at ...

  • Votes

    1

    OIDC client applications REST API should be better protected

    Referring to Idea : 13276 Permit to have openID authentication on REST web service datasource for virtual attributes That seems to be a major change. What about letting ...

  • Votes

    1

    Pass AA user detail to NAM during MFA

    It is a three-tier network that AD in trust zone, AA in the middle layer and NAM in the out most layer. NAM cannot reach AD We have configured NAM not to identify user ...

  • Votes

    2

    Add "Loading details ..." to Client Application edit page.

    Accessing Identity Servers=> OAuth & OpenID Connect=> Client Applications one gets a „Loading Clients…“ displayed next to the "Register New Clients" button, while ...

  • Votes

    2

    Add SP and IDP metadata expiration date query to REST API

    For automated monitoring, it would be really helpful to have a REST URL where one could query the expiration date of Service and Identity Provider's metadata. This way, ...

  • Votes

    1

    OAuth scope for client application

    We want to be able to set a scope which assigned to an attribute set and related it to individual registered client application. The current functionality is that every ...

  • Votes

    2

    support Virtual attribute and Attribute sources as a source while ...

    Customer is using an ldap request, then manipulates an attribute returned, uses this new value to make the final request to know the attributes for the token. Two ...

  • Votes

    1

    Getting userinfo from social network, store in user session and then ...

    It would be great if the native Social Class could provide a way to get additional user data (userinfo) from a social network and some timer later, be able to forward ...

  • Votes

    2

    Conditional Access - AD, Azure and MDM/EDM

    Hi guys, As identity is more than just people (e.g. places and things) it is becoming critical to authenticate the person AND the device they are using (conditional ...

  • Votes

    2

    mobile access updates - fingerprint, PIN policies, and more

    Hi guys, Can we update mobile access to support the following: * PIN policies (including length) * Support Google Auth and SMS OTP * Enable fingerprint unlock on Android ...

  • Votes

    1

    Integrate UMA protocol in NAM

    User-Managed Access is a new protocol based on OAuth (https://kantarainitiative.org/confluence/display/uma/Introduction+to+UMA). We have customers who asked for this ...

  • Votes

    13

    Separate Signing Certificate for STS SPs

    Currently the STS in NAM uses the default signing certificate for all signing, validation and renewal. Having the same experience for STS that we do for SAML 2.0 ...

  • Votes

    2

    Customize Email Notification For Device Fingerprint

    We configured the NAM to send email notification when user is connected from unknown device. The problem is that the email that the NAM sends cannot be customized. The ...

  • Votes

    2

    Minimize exploit debugging by limiting the information returned to the ...

    During a recent penetration test again NAM 4.3.3 it was suggested that only generic error messages be made available via the browser when unexpected POST parameters are ...

  • Votes

    1

    Enable RBA Validate Tool / feature by default

    This is a great feature that is somewhat hidden since it is not enabled by default.

  • Votes

    1

    an option to ignore config store's status with IDS's health check

    Kerberos authentication is configured and used. Health check for IDS ("/nidp/app/heartbeat") returns 504 error when it cannot communicate with config store. It is because ...

  • Votes

    4

    Plugin or other helper to generate form fill (or field fill) scripts

    Regarding the ability to input username and passwords, on pages that are not contain forms, or are in general just difficult to work with. Products like for example ...

  • Votes

    5

    revert in ids

    It seems that we can only revert changes for Access Gateway. It would be very nice to have a revert changes option for ids as well.

  • Votes

    2

    Additional MAG options

    It would be beneficial to be able to specify Apache2 mod_header commands in the global or per proxy options. This would allow being able to specify new technology headers ...

  • Votes

    2

    Per Proxy Service Advanced Form Fill Options for javascript handling

    For simple standard HTML forms, the default form fill policies for NAM work great for SSO by auto-submiting the form post. Today, more and more if not most web ...