ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Federation partnership not sending attributes


Article ID: 237336


Updated On:


SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)


The federation partner (Service Provider) is rejecting the SAML assertion.  The expected assertion attributes are not being passed.


Siteminder was the IDP (Identity Provider) with a third-party SP (Service Provider).  The SP was expecting a UserName attribute in the assertion, and while the attribute was included in the assertion, the value was not included.  This was because the user was authenticating to an unexpected user store in Siteminder and the needed attribute was not present in that user store for any users.  Thus, all users failed SAML assertion based authentication at the SP.


Release : ALL

Component : SiteMinder Federation


Assure that the SAML users are authenticating to the user store that contains the needed assertion attributes or set up Identity Mapping such that the needed attributes can be retrieved from an alternate user store.