ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Process SAML Authentication Request will break on submission of different Binding


Article ID: 105734


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


When a request comes for Process SAML Authentication Assertion with invalid SAML request or invalid binding (POST in case of REDIRECT or vice-versa), the assertion fails entire policy. If this assertion is part of All assertions must be true, then it doesn't come out of it in case of invalid SAML request or invalid binding, it fails the entire policy.


Component: APIGTW


API Gateway v9.3.00 CR03,API Gateway v9.2.00 CR10

Additional Information

Workaround [Optional]:

Workaround is to include a 'Validate HTML Form Data' and check on the correct submission method for the 'Process SAML Authentication Request'