Reason: SSO_NO_PROVIDER_ID (, , ) in failing Federation application

search cancel

Reason: SSO_NO_PROVIDER_ID (, , ) in failing Federation application

book

Article ID: 220795

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) SITEMINDER

Issue/Introduction

Accessing an application in our pre-production environment, the Federation Services returns the following error.

[2100/114575104][Wed Jul 21 2021 08:53:28][SSO.java][ERROR][sm-FedClient-02890] Transaction with ID: <value> failed. Reason: SSO_NO_PROVIDER_ID (, , )
[2100/114575104][Wed Jul 21 2021 08:53:28][SSO.java][ERROR][sm-FedClient-02420] Missing ProviderID in AuthnRequest to SAML2 Single Sign-On Service

The use case is SP-initiated (Service Provider initiated) via POST binding, and SiteMinder acts as IDP.

Cause

The Issuer element in the incoming authnrequest (SAMLRequest parameter) was positioned below the Signature element rather than above as required (1).

Resolution

The SP (Service Provider) had to change the format of the SAMLRequest such that the Issuer element appeared above the Signature element.

Additional Information

saml-schema-protocol-2.0

Feedback

thumb_up Yes

thumb_down No