ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Issue with Arcgis Portal Integration with CA SAML IDP-SP
Article ID: 102963
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
We created an IDP--SP(ArcGIS) partnership. Customer is using ArcGIS Portal.
Sent the xml metadata to customer for SP configuration.
customer is reporting following error. SAML sign-in error: Invalid_SAMLResponse: Unable to login using Idp Unable to validate SAML response SAML sign-in error: Invalid_Idp: Unable to find IDP for account 0123456789ABCDEF
ArcGIS has an issue when SSO Partnership IDP Post Signature Options is set to Sign Both. It cannot determine the correct cert to use if that is set.
ArcGIS 10.3.1 has a bug in it where if the SSO Partnership IDP Post Signature Options is set to Sign Both, it will fail to validate the assertion. We changed it from Signing both to Sign Assertion and the federation started to work.