Issue with ArcGIS Portal Integration with CA SAML IDP-SP

Article ID: 102963

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We created an IDP-SP (ArcGIS) partnership. The customer is using ArcGIS Portal.

We sent the XML metadata to the customer for SP configuration.

The customer is reporting the following errors:
SAML sign-in error: Invalid_SAMLResponse: Unable to login using Idp Unable to validate SAML response
SAML sign-in error: Invalid_Idp: Unable to find IDP for account 0123456789ABCDEF

Cause

ArcGIS has an issue when the SSO Partnership IDP Post Signature Options setting is set to Sign Both. With that setting, it cannot determine the correct certificate to use.

Environment

ArcGIS 10.3.1

Resolution

ArcGIS 10.3.1 has a bug: if the SSO Partnership IDP Post Signature Options setting is set to Sign Both, it fails to validate the assertion. We changed the setting from Sign Both to Sign Assertion, and the federation started to work.
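
To confirm which signature option the IdP is actually applying, you can inspect a captured SAMLResponse form value from the POST binding. The script below is an added example, not code from this article, CA or Esri. It reports whether the Response, the Assertion, or both carry a `ds:Signature`; the function names and the sample XML are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_placement(saml_response_b64):
    """Return 'both', 'response', 'assertion' or 'none' for a POST-binding value.

    Reports placement only; it does not verify any signature. Encrypted
    assertions (saml:EncryptedAssertion) are not inspected.
    """
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Direct children only: an assertion's signature is also a descendant of
    # the Response, so a recursive search would misreport "Sign Assertion".
    response_signed = root.find("ds:Signature", NS) is not None
    assertions = root.findall("saml:Assertion", NS)
    assertion_signed = bool(assertions) and all(
        a.find("ds:Signature", NS) is not None for a in assertions)
    if response_signed and assertion_signed:
        return "both"
    if response_signed:
        return "response"
    return "assertion" if assertion_signed else "none"

def make_sample(sign_response, sign_assertion):
    """Constructed sample: empty ds:Signature placeholders, no real key material."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '<saml:Assertion><saml:Issuer>https://idp.example.test</saml:Issuer>%s'
        '</saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"],
         sig if sign_response else "", sig if sign_assertion else "")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print("Sign Both      ->", signature_placement(make_sample(True, True)))
    print("Sign Assertion ->", signature_placement(make_sample(False, True)))
```

A result of `both` on a response sent to ArcGIS 10.3.1 matches the failing configuration described above; `assertion` matches the working one.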