Error while attempting XPSImport: Duplicate value error for CA.SM::SAMLv2IdP.Name=""

book

Article ID: 220794

calendar_today

Updated On:

Products

CA Single Sign-On

Issue/Introduction

Customer has exported a number of auth schemes from a 12.7 policy store and is attempting to import them to a 12.8x policy store using XPSImport.  The import is failing with a series of the following errors:

[669989/139869036062528][Mon Jul 26 2021 15:05:50.562][Validate.cpp:238][Process][WARN][sm-xpsxps-03220] CA.SM::[email protected](): Duplicate value for CA.SM::SAMLv2IdP.Name="": CA.SM::[email protected](),CA.SM::[email protected]().
[669989/139869036062528][Mon Jul 26 2021 15:05:50.562][Validate.cpp:238][Process][WARN][sm-xpsxps-03220] CA.SM::[email protected](): Duplicate value for CA.SM::SAMLv2IdP.Name="": CA.SM::[email protected](),CA.SM::[email protected]().
[669989/139869036062528][Mon Jul 26 2021 15:05:50.562][Validate.cpp:238][Process][WARN][sm-xpsxps-03220] CA.SM::[email protected](): Duplicate value for CA.SM::SAMLv2IdP.Name="": CA.SM::[email protected](),CA.SM::[email protected]().
[669989/139869036062528][Mon Jul 26 2021 15:05:50.562][Validate.cpp:238][Process][WARN][sm-xpsxps-03220] CA.SM::[email protected](): Duplicate value for CA.SM::SAMLv2IdP.Name="": CA.SM::[email protected](),CA.SM::[email protected]().

Cause

The export file contained a number of references to SAMLv2IdP objects (backing objects for federation configurations).  Some of those SAMLv2IdP objects were missing the Name attribute, thus the import was listing one error for every SAMLv2IdP object that was missing a Name attribute.  You will notice that the second XID listed in each error is the same one for each error; this is because that XID was one of the SAMLv2IdP objects without a Name attribute, and thus it was conflicting with every other SAMLv2IdP object that also lacked a Name attribute.  

The reason this problem was not detected by the 12.7 policy server (including XPSSweeper) is because 12.8 is less tolerant of such errors and thus requires they be corrected before the data can be imported.

Environment

Release : 12.8x

Component : Siteminder

Resolution

Modifying the .xml file the customer was attempting to import by adding the Name attribute/value to each object in which it was missing allowed the import to succeed.  The Attribute name/value pair we added looked like the sample below and was inserted just above the </Object> tag (since the .xml file contained at least one SAMLv2IdP object with the Name attribute, we were able to use that object as a model for our modifications):

                <Property Name="CA.SM::SAMLv2IdP.Name">
                    <StringValue>any_unique_name</StringValue>
                </Property>

Additional Information

We did not attempt to fix the 12.7 policy store since the customer is having no functional issues in that environment and is migrating to 12.8.