Adding Policy for ActAs and OnBehalfOf

You must add a policy to allow ActAs and OnBehalfOf operations. For each property, specify the permitted user names as a comma-separated list. If no value is specified, ActAs and OnBehalfOf requests are denied.

  1. Click Devices > Identity Servers > Edit > Options.

  2. Click New.

  3. Set the following properties based on your requirement:

    Property Type: WSTRUST AUTHORIZATION ALLOWED ACTAS VALUES
    Property Value: Specify the user names that can perform ActAs operations. The allowed user names are the user accounts that an intermediate web service provider uses to authenticate with the STS when sending a request that contains an ActAs element.

    Property Type: WSTRUST AUTHORIZATION ALLOWED ONBEHALF VALUES
    Property Value: Specify the user names that can perform OnBehalfOf operations. The allowed user names are the user accounts that an intermediate web service provider uses to authenticate with the STS when sending a request that contains an OnBehalfOf element.

    Property Type: WSTRUST AUTHORIZATION ALLOWED VALUES
    Property Value: Specify the user names that can perform both ActAs and OnBehalfOf operations.

  4. Click OK > Apply.

  5. Restart the Identity Server by running the following command:

    /etc/init.d/novell-idp restart

    For the Docker deployment, perform the following steps:

    1. Run the kubectl get pods command to view the Access Manager pods.

    2. Go to the Identity Server pod by running the kubectl exec --namespace <name-of-the-namespace> -it pod/<name-of-the-identity-server-pod> -- sh command.

    3. Run the /etc/init.d/novell-idp restart or systemctl restart novell-idp.service command.

    After upgrading Access Manager, these properties are reset to their default values. You must reconfigure them after each upgrade.
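As an added illustration (not Access Manager's own code), the following Python model evaluates a WS-Trust RequestSecurityToken against the three properties exactly as the procedure above describes them: comma-separated user names, an empty value denying the operation, and the combined property covering both operations. The WS-Trust namespaces are the standard OASIS ones; the user names, the sample RST and the treatment of an RST with neither element are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Standard WS-Trust namespaces: OnBehalfOf is a WS-Trust 1.3 element, ActAs was added in 1.4.
WST13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WST14 = "http://docs.oasis-open.org/ws-sx/ws-trust/200802"
# The three Identity Server option names from the procedure above.
ACTAS_PROP = "WSTRUST AUTHORIZATION ALLOWED ACTAS VALUES"
OBO_PROP = "WSTRUST AUTHORIZATION ALLOWED ONBEHALF VALUES"
BOTH_PROP = "WSTRUST AUTHORIZATION ALLOWED VALUES"

def parse_allowed(value):
    """Split a comma-separated property value into user names; an empty value allows nobody."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def delegation_elements(rst_xml):
    """Return which delegation elements an RST carries, as a subset of {'ActAs', 'OnBehalfOf'}."""
    root = ET.fromstring(rst_xml)
    found = set()
    if root.find(f".//{{{WST14}}}ActAs") is not None:
        found.add("ActAs")
    if root.find(f".//{{{WST13}}}OnBehalfOf") is not None:
        found.add("OnBehalfOf")
    return found

def authorize(intermediary, rst_xml, options):
    """Model of the decision: the authenticated intermediary may send the RST only if it is
    listed for every delegation element the RST contains. An RST with neither element is an
    ordinary token request outside this policy (modelling assumption)."""
    both = parse_allowed(options.get(BOTH_PROP))
    allowed = {
        "ActAs": parse_allowed(options.get(ACTAS_PROP)) | both,
        "OnBehalfOf": parse_allowed(options.get(OBO_PROP)) | both,
    }
    return all(intermediary in allowed[element] for element in delegation_elements(rst_xml))

def sample_rst(element):
    """Constructed sample RST carrying one delegation element (demonstration input only)."""
    tag = "wst14:ActAs" if element == "ActAs" else "wst:OnBehalfOf"
    return (f'<wst:RequestSecurityToken xmlns:wst="{WST13}" xmlns:wst14="{WST14}">'
            f'<wst:RequestType>{WST13}/Issue</wst:RequestType>'
            f'<{tag}><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/></{tag}>'
            '</wst:RequestSecurityToken>')

# Constructed configuration: two ActAs intermediaries, no OnBehalfOf-only ones, one allowed for both.
SAMPLE_OPTIONS = {ACTAS_PROP: "svc-portal, svc-crm", OBO_PROP: "", BOTH_PROP: "svc-gateway"}

if __name__ == "__main__":
    for user, element in [("svc-portal", "ActAs"), ("svc-portal", "OnBehalfOf"), ("svc-unknown", "ActAs")]:
        print(user, element, "allowed" if authorize(user, sample_rst(element), SAMPLE_OPTIONS) else "denied")
```

Note that with the ONBEHALF property left empty, svc-portal is denied OnBehalfOf even though it is allowed ActAs, which is the deny-by-default behaviour the procedure describes.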