
Federation partnership not sending attributes


Article ID: 237336


Updated On:

Products

SITEMINDER, CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

The federation partner (Service Provider) is rejecting the SAML assertion. The expected assertion attributes are not being passed.

Cause

SiteMinder was the IdP (Identity Provider) with a third-party SP (Service Provider). The SP was expecting a UserName attribute in the assertion. The attribute was included in the assertion, but its value was not. This was because the user was authenticating to an unexpected user store in SiteMinder, and the needed attribute was not present in that user store for any users. Thus, all users failed SAML assertion-based authentication at the SP.

Environment

Release : ALL

Component : SiteMinder Federation

Resolution

Ensure that the SAML users are authenticating to the user store that contains the needed assertion attributes, or set up Identity Mapping so that the needed attributes can be retrieved from an alternate user store.
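
To confirm the condition described under Cause, a captured assertion can be checked for attributes that are present but carry no value. The following is an added example, not part of the original article or of SiteMinder; the function name `check_assertion_attributes`, the sample assertion and the list of required attribute names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"

# Constructed sample: UserName is present but carries no value, as in the article.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="UserName">
      <saml:AttributeValue/>
    </saml:Attribute>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Department">
      <saml:AttributeValue xsi:nil="true"/>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion_attributes(xml_text, required):
    """Return {name: status} with status 'ok', 'empty' or 'missing'."""
    root = ET.fromstring(xml_text)  # trusted, locally captured XML only
    found = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        values = [
            (v.text or "").strip()
            for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")
            if v.get(XSI_NIL) != "true"
        ]
        has_value = any(values)
        # An attribute is 'ok' if any occurrence carries a non-blank value.
        if has_value or name not in found:
            found[name] = "ok" if has_value else "empty"
    return {name: found.get(name, "missing") for name in required}

if __name__ == "__main__":
    for name, status in check_assertion_attributes(
            SAMPLE_ASSERTION, ["UserName", "Email", "Role"]).items():
        print(f"{name}: {status}")
```

An `empty` result for an attribute the SP requires points to the user-store mismatch described above; an encrypted assertion must be decrypted before it can be inspected this way.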