Federation - Not Authorized for Assertion Generation

book

Article ID: 210363

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

When assertion generation is denied by the policy server, the customer is seeing an AzAccept in the smaccess.log rather than the expected AzReject event.

Cause

The AzAccept event was logged for the user's visit to the Authentication URL (redirect.jsp), not for assertion generation.

Environment

Release : 12.8

Component :  FEDERATION

Resolution

While successful assertion generations are logged in the smaccess.log, denied assertion generations are not, so this is working by design.