
CA AGW Partnership Federation: configuration assistance needed for redirect


Article ID: 102821




Products: CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


I have installed CA Access Gateway (SPS) 12.7 and I am testing a
Partnership Federation with Policy Server 12.7 for the first time, so that CA
Access Gateway (SPS) is acting as SAML2 IdP and myseconddomain is acting as SAML2 SP.

Login pages are on the CA Access Gateway (SPS). 

When I start the login flow from, the Authentication
URL redirects properly to the login page, where both authentication and
authorization are processed successfully and an SMSESSION is created.

The problem occurs with redirect.jsp. When the browser goes to that
redirect.jsp page, the browser doesn't get redirected back to the
Federation Resource /affwebservices/public/saml2sso.

I have configured the Authentication URL to
in the Partnership Federation Configuration.

In CA Access Gateway (SPS), Federation has been enabled and the
Authentication URL has been set to the default siteminderagent/redirectjsp.

The first login fails because of the redirect. On the second try, when the SMSESSION
already exists, the login flow is successful. The SAML response is returned to
the myseconddomain SP site.


From the flow, we see that the SMPORTALURL is encrypted:

Here we should see the SMPORTALURL value decrypted.


Release: MSPSSO99000-12.7-Single Sign-On-for Business Users-MSP


Disable the "Use Secure URL" option in the Partnership. With the option
disabled, the SMPORTALURL value is only URL-encoded, so the Federation
Service does not redirect the browser to an encrypted target value.
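
The following check is an added example, not code from the original article or from the product. Given a redirect URL captured in a browser trace, it reports whether SMPORTALURL arrives URL-encoded or as an opaque value, and whether the decoded target is the Federation resource on the expected host. The host names, the function name and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Federation resource path named in the article.
FEDERATION_PATH = "/affwebservices/public/saml2sso"

def classify_smportalurl(redirect_url, expected_host):
    """Return (status, target) for the SMPORTALURL parameter of a captured URL.

    status is "missing", "opaque", "unexpected-target" or "ok".
    """
    query = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # Match the parameter name case-insensitively.
    values = [v for k, vs in query.items() if k.upper() == "SMPORTALURL" for v in vs]
    if not values:
        return "missing", None
    value = values[0]
    # parse_qs already decoded once; tolerate one extra layer of URL encoding.
    for _ in range(2):
        target = urlsplit(value)
        if target.scheme in ("http", "https") and target.hostname:
            break
        value = unquote(value)
    else:
        # Never decoded to an http(s) URL: treat as encrypted or otherwise opaque.
        return "opaque", None
    # A readable value can be inspected, so confirm where it sends the browser.
    if target.hostname != expected_host.lower() or target.path != FEDERATION_PATH:
        return "unexpected-target", value
    return "ok", value

# Constructed sample URLs (assumptions, not taken from a real trace).
BASE = "https://idp.example.com/redirect.jsp?SMPORTALURL="
ENCODED = BASE + "https%3A%2F%2Fidp.example.com%2Faffwebservices%2Fpublic%2Fsaml2sso"
DOUBLE = BASE + "https%253A%252F%252Fidp.example.com%252Faffwebservices%252Fpublic%252Fsaml2sso"
# Stand-in for an encrypted value; not real product output.
OPAQUE = BASE + "Zm9vYmFyLWNvbnN0cnVjdGVkLW9wYXF1ZQ%3D%3D"
OTHER = BASE + "https%3A%2F%2Fother.example.net%2Faffwebservices%2Fpublic%2Fsaml2sso"

if __name__ == "__main__":
    for name, url in [("encoded", ENCODED), ("double", DOUBLE),
                      ("opaque", OPAQUE), ("other", OTHER)]:
        print(name, classify_smportalurl(url, "idp.example.com"))
```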