IDP-initiated SAML and AssertionConsumerServiceIndex Parameter

Article ID: 203094


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Federation (SiteMinder), SITEMINDER

Issue/Introduction

The AssertionConsumerServiceIndex parameter has been added to the IDP-initiated SAML request query string, but SiteMinder seems to be ignoring it. The application does not support SP-initiated SAML. Is there a way to support multiple Assertion Consumer Service (ACS) URLs via IDP-initiated SAML?

Environment

Release : ALL

Component : SITEMINDER FEDERATION SECURITY SERVICES

Cause

SiteMinder does not support the AssertionConsumerServiceIndex query string parameter in IDP-initiated SAML requests. A custom solution is needed.

Resolution

Use SP-initiated SAML when multiple ACS URLs need to be supported. If switching to SP-initiated SAML is not possible, it may be possible to use an active page on the IDP side that mimics the SP and generates an AuthnRequest with the needed AssertionConsumerServiceIndex parameter/value. This is a custom solution and is outside the scope of Support.

Additional Information

Sample AuthnRequests can be found here:
https://www.samltool.com/generic_sso_req.php

As you can see, the only dynamic data in the AuthnRequest is the date/time information. The resulting SP-initiated URL (assuming REDIRECT binding) will take this format:
https://idp.example.com/affwebservices/public/saml2sso?SAMLRequest=XXXXXXXXXXXXXXXX&AssertionConsumerServiceIndex=Y
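
A sketch of the "active page" logic described in the Resolution, producing a URL in the format above. This is an added example, not Broadcom or SiteMinder code. It assumes an unsigned request; `SP_ENTITY_ID` and `ALLOWED_ACS_INDEXES` are hypothetical placeholders, and the index is set both as the standard SAML 2.0 AuthnRequest attribute and as the query parameter shown in this article.

```python
import base64
import datetime
import secrets
import urllib.parse
import zlib
from xml.sax.saxutils import escape, quoteattr

IDP_SSO_URL = "https://idp.example.com/affwebservices/public/saml2sso"  # endpoint from the article
SP_ENTITY_ID = "https://sp.example.com/metadata"  # hypothetical SP entity ID (assumption)
ALLOWED_ACS_INDEXES = {0, 1, 2}  # hypothetical: ACS indexes registered for this SP at the IDP


def build_authn_request(acs_index, now=None):
    """Return AuthnRequest XML; only allow-listed integer indexes are accepted."""
    if type(acs_index) is not int or acs_index not in ALLOWED_ACS_INDEXES:
        raise ValueError(f"ACS index not allowed: {acs_index!r}")
    now = now or datetime.datetime.now(datetime.timezone.utc)
    issue_instant = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    request_id = "_" + secrets.token_hex(16)  # SAML requires a unique ID per request
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination={quoteattr(IDP_SSO_URL)} '
        f'AssertionConsumerServiceIndex="{acs_index}">'
        f'<saml:Issuer>{escape(SP_ENTITY_ID)}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_redirect(value):
    """Inverse of encode_redirect, useful when inspecting a captured SAMLRequest."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def build_sso_url(acs_index, now=None):
    """Build the URL in the article's format; urlencode percent-encodes the base64."""
    query = urllib.parse.urlencode({
        "SAMLRequest": encode_redirect(build_authn_request(acs_index, now)),
        "AssertionConsumerServiceIndex": acs_index,
    })
    return f"{IDP_SSO_URL}?{query}"
```

Restricting the index to an allow-list keeps a caller-supplied value from selecting an ACS endpoint the page was never meant to serve.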