When running an AdminUI, and trying to activate a partnership, the browser receives an error:
"Error: Error activating Partnership myPartnership"
The AdminUI reports:
2022-11-09 08:29:29,505 [INFO] ims.ui.ConsolePageFilter  - dispatch=/app/ui7/index.jsp
2022-11-09 08:29:29,678 [ERROR] com.ca.federation.adminui.backingbean.federation.PartnershipListBean  - **ERROR** com.ca.fedxps.api.remote.FedXPSException during UI operation.
com.ca.fedxps.api.remote.FedXPSException: Activation of partnership failed
at com.ca.federation.api.remote.FedServices.activate(Unknown Source) ~[fedremoteapi.jar:?]
at com.ca.federation.adminui.backingbean.federation.PartnershipListBean.activatePartnership(PartnershipListBean.java:2143) ~[fedmgr.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_212]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_212]
Release : 12.8
The cause of being unable to activate the partnership is due to activating the two partnerships on the same Entity ID.
The entity id https://myserver.mydomain.com present in partnership "myPartnership" is trying to act but it failed due to its already active in the "Legacy" Partnership from the "myLegacyPartnership" Authentication Scheme definition.
In Authentication Schemes › View Authentication Scheme: myLegacyPartnership › View SAML 2.0 properties
Under User Disambiguation, the XPath Query is active.
From the help page for the checkbox Active in auth schemes, the same identity values can't be used in more than 1 partnership (1).
Deselect this XPath Query check box in the Legacy Partnership "myLegacyPartnership", save the configuration, and activate the partnership "myPartnership" to solve this issue.
Indicates whether the legacy federation configuration is in use
for a particular partnership. If the Policy Server is using the
legacy federation configuration, confirm this check box is
selected. If you have recreated a federated partnership with
similar values for identity settings, such as source ID, clear
this check box before activating the federated partnership.
SiteMinder cannot work with a legacy and partnership configuration
that use the same identity values or a name collision occurs.