WS-FED User Failing Authentication at Resource Partner
Article ID: 101629
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
WS-Fed Resource Partner is not authenticating the user, resulting in 500 error. FWSTrace.log indicates the user is failing assertion-based authentication.
The NameID was in email format, but the user lookup within the WS-Fed auth scheme was for UID, not email.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Once the user lookup was set to 'mail=%s', the user was authenticated and successfully accessed the WS-Fed target.