WS-FED User Failing Authentication at Resource Partner

Article ID: 101629

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

The WS-Fed Resource Partner is not authenticating the user, resulting in a 500 error. FWSTrace.log indicates that the user is failing assertion-based authentication.

Cause

The NameID was in email format, but the user lookup in the WS-Fed authentication scheme searched by UID, not email.

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP

Resolution

Once the user lookup was set to 'mail=%s', the user was authenticated and successfully accessed the WS-Fed target.
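
The mismatch described above, as an added example (not SiteMinder or Broadcom code): a Python sketch that substitutes a NameID into a user lookup specification, escapes it as a literal filter value per RFC 4515, and requires exactly one match in a constructed directory. It assumes an LDAP user directory; the `uid=%s` string for the original setting, the sample entries and all function names are assumptions.

```python
# Added illustration; not SiteMinder code. Directory entries are constructed sample data.
DIRECTORY = [
    {"dn": "uid=jdoe,ou=people,dc=example,dc=com", "uid": "jdoe", "mail": "jdoe@example.com"},
    {"dn": "uid=asmith,ou=people,dc=example,dc=com", "uid": "asmith", "mail": "asmith@example.com"},
]

# RFC 4515 escapes for characters that are special in an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a NameID so it is treated as a literal, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_spec, name_id):
    """Substitute the NameID for %s in a lookup spec such as 'mail=%s'."""
    if search_spec.count("%s") != 1:
        raise ValueError("search spec must contain exactly one %s")
    return "(" + search_spec.replace("%s", escape_filter_value(name_id)) + ")"


def lookup(search_spec, name_id, directory=DIRECTORY):
    """Return DNs whose looked-up attribute equals the NameID (case-insensitive)."""
    attr = search_spec.split("=", 1)[0].strip().lower()
    return [e["dn"] for e in directory if e.get(attr, "").lower() == name_id.lower()]


def classify(search_spec, name_id):
    """Accept the assertion subject only when exactly one user matches."""
    matches = lookup(search_spec, name_id)
    if len(matches) == 1:
        return "authenticated", matches[0]
    return ("no-match" if not matches else "ambiguous"), None


if __name__ == "__main__":
    name_id = "jdoe@example.com"        # NameID in email format, as in this article
    for spec in ("uid=%s", "mail=%s"):  # 'uid=%s' is the assumed original setting
        print(spec, build_filter(spec, name_id), classify(spec, name_id))
```

A `no-match` result for a NameID that clearly exists in the directory is the cue to compare the NameID format in the assertion with the attribute named in the lookup specification.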