RelayState configuration in IdP and SP for Federation Siteminder
search cancel

RelayState configuration in IdP and SP for Federation Siteminder


Article ID: 136752


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER



Where should the RelayState parameter be configured, at the Identity Provider (IdP) or Service Provider (SP) side?




The RelayState doesn't indicate a SPID, but the target page to which the IdP will send the browser to.

Here is a sample on how the RelayState can be configured. The RelayState should be set on SP in an SP initiated flow (1).

From the last log, the SPID needs to be set to

  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [][getServiceProviderInfoByID][Tunnel result code: 1.]

  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [][getServiceProviderInfoByID][SAMLTunnelStatus: 5, Failed to obtain Service Provider data by provider ID. Provider ID:]

  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]

  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [][processRequest][Transaction with ID: <Transaction ID> failed. Reason: NO_PROVIDER_INFO_FOUND]

 this error can happen if the JVM's does not have JCE patches applied. It can also happen  if there's an accentuated character in the SPID (2)(3)(4).


Additional Information



    TECH TIP: How to send a RelayState parameter on a SAML federation from Access Gateway?

    How To Become a SAML Service Provider
    SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP
    Tech Tip : CA Single Sign-On : Web Agent Option Pack return 403 when Service Provider has accentuated character