CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected


Article ID: 108654


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Our CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

How can we resolve this?

Environment

Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1 
Access Gateway(Secure Proxy Server) version: 12.52 on Linux6.9

Cause

This issue was identified in Siteminder 12.52 base and above

DE342317    
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation

Resolution

Upgrading the Access Gateway(Secure Proxy Server) version to 12.52 SP1 CR9 resolved the issue.

Note:

Although the referenced readme identifies the issue in the SiteMinder Web Agent Option Pack, the issue is also identified in CA Access Gateway (Secure Proxy Server).
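To see whether a given SP is exposed to this behaviour, the following added example (not CA/Broadcom code) decodes a captured HTTP-Redirect AuthnRequest and compares its AssertionConsumerServiceURL with the ACS URL configured for that SP. The entity ID, URLs and the CONFIGURED_ACS table are constructed placeholders; a "differs-from-configured" result marks the requests for which the defect changes where the response is sent.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: ACS URL configured in the IdP partnership, keyed by SP entity ID (constructed).
CONFIGURED_ACS = {"https://sp.example.com/metadata": "https://sp.example.com/saml/acs"}

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter")
    xml = zlib.decompress(base64.b64decode(values[0]), -15)  # raw DEFLATE, no header
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message rejected")
    return xml

def check_acs(url, configured=CONFIGURED_ACS):
    """Compare the ACS URL asked for in the request with the configured one."""
    root = ET.fromstring(decode_redirect_request(url))
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not an AuthnRequest")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    requested = root.get("AssertionConsumerServiceURL")
    expected = configured.get(issuer)
    if expected is None:
        status = "unknown-issuer"
    elif requested is None:
        status = "no-acs-in-request"
    elif requested == expected:
        status = "matches-configured"
    else:
        status = "differs-from-configured"
    return {"issuer": issuer, "requested": requested,
            "expected": expected, "status": status}

def build_sample(acs_attr):
    """Constructed sample request URL; idp.example.com is a placeholder."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_a1" '
           'Version="2.0" IssueInstant="2020-01-01T00:00:00Z"%s>'
           '<saml:Issuer>https://sp.example.com/metadata</saml:Issuer>'
           '</samlp:AuthnRequest>') % (NS["samlp"], NS["saml"], acs_attr)
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.com/sso?" + query
```

Pass `check_acs` the full redirect URL taken from a browser trace or proxy log of your own SP-initiated login.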
