After update to 21.0.2HF2, SAML requires REDIRECT instead of POST
search cancel

After update to 21.0.2HF2, SAML requires REDIRECT instead of POST


Article ID: 245078


Updated On:


CA Automic Workload Automation - Automation Engine CA Automic One Automation


Using POST only in SAML setup will cause the login page to loop back to the AWI login page after authenticating against SSO.

Steps to reproduce

  1. Have a system set up with SAML
  2. Open UC_SAML_SETTINGS in client 0
  3. Remove the SingleSignOnService with binding of http-redirect:
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>
  4. Save
  5. Attempt to login again with SAML

Expected behavior:
You get beyond the login page and into the AWI as expected

Actual behavior:
The login takes you back to the base login page for AWI (Login Type is set back to Automation Engine)

JCP log shows:
20220519/105643.694 - 74     U00003407 Client connection '*CP003#00000010' from 'IP:65317' has logged off from the Server.
20220519/105756.083 - 1358   U00003406 Client connection 'CP003#00000011'  from 'IP' has logged on to the Server.
20220519/105756.088 - 63     U00003459 Dialog '0000,UNKNOWN,UC4' logged on (Client connection='*CP003#00000011').

JWP log does not show anything related to SAML or login

Having Redirect by itself and not post works.

In 12.3, the opposite was true, POST did not work by itself, but Redirect did.

ref: Setting up Single Sign On - SAML documentation


Release : 21.0.2



Fixed in 21.0.4HF1 - Available.

Please note that the component with the bug was the AWI.  An upgrade to the AWI also requires an upgrade to the utilities, initialdata, and automationengine components.


Use REDIRECT instead of POST or have both in the UC_SAML_SETTINGS:
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>