SAML Response shows dupllicated id

Article Id: 131449

Status: Published

Updated On: 29-04-2019 00:48

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On

Issue/Introduction:

We're Running a Policy Server, and in the Federation Journey, we see
that the SAML Responses show duplicated ID and as such the SP side
cannot consume the assertion.

<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_989cd331197cb7da92c224ca7c6467544bfd"
Id="_989cd331197cb7da92c224ca7c6467544bfd"
IssueInstant="2019-04-29T06:11:42Z"
Version="2.0"

How can we fix this ?

Cause:

This is corrected in Policy Server 12.8SP1 :

Defects Fixed in 12.8.01

01090398, 01121619,

01153845, 01136496,

01137702, 01169777

DE365688

DE371749

Single sign-on fails as Policy Server issues duplicate assertion IDs in an assertion.

https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/service-packs/defects-fixed-in-12-8-01

Environment:

Policy Server 12.8SP0CR00 on RedHat 7;
Policy Server JDK 1.8.0_181;
Policy Store on CA Directory 14.0;
Admin UI 12.8SP1 on Windows 2012 R2 ;

Resolution:

We suggest you to upgrade to the latest version 12.8SP02 in order to
insure to have all the latest fix including this one.