Reusing the same remote Entity ID in multiple active partnerships

Article ID: 267142

Updated On:

Products

  • SITEMINDER
  • CA BCS Premier for CA Single Sign-On
  • CA Single Sign On Agents (SiteMinder)
  • CA Single Sign On Federation (SiteMinder)
  • CA Single Sign On Secure Proxy Server (SiteMinder)
  • CA Single Sign On SOA Security Manager (SiteMinder)
  • CA Single Sign-On

Issue/Introduction

Assume the following configuration:

  • SiteMinder acts as the SP and ADFS acts as the IdP.
  • The IdP would like 3 partnership connections for 3 separate applications, but there is only one Azure domain or tenant (one entity ID URL string).
  • The application wants to go with ADFS, where there is only one remote entity ID.

The question is whether any configuration in SiteMinder allows multiple partnerships that use the same IdP.

 

Environment

All releases up to 12.8.08

Cause

This is known SiteMinder Federation behavior by design, and it is documented in the technical documentation for release 12.8.

Resolution

This is a limitation by design in SiteMinder. There must be a unique mapping between IdP and SP, so reusing an IdP is not possible within the current design.

In the example case, the easiest solution would be to create 3 separate Azure domains; each will then have its own unique entity ID string.

The situation may change in future releases and Service Packs of SiteMinder, so please make sure to check the documentation.
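
The restriction can be checked against a partnership plan before anything is activated. The following Python is an added example, not part of the original article or of SiteMinder: it reads the `entityID` from each partnership's IdP SAML 2.0 metadata and reports any remote entity ID used by more than one active partnership. The partnership names, the URLs and the plan format are constructed for illustration, and the check keys on the remote entity ID alone, as the article describes.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ED_TAG = f"{{{MD_NS}}}EntityDescriptor"
IDP_TAG = f"{{{MD_NS}}}IDPSSODescriptor"

def remote_entity_id(metadata_xml):
    """Return the entityID of the IdP described in SAML 2.0 metadata."""
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so bare and wrapped descriptors both work.
    for ed in root.iter(ED_TAG):
        if ed.find(IDP_TAG) is not None:
            entity_id = ed.get("entityID")
            if not entity_id:
                raise ValueError("IdP EntityDescriptor has no entityID")
            return entity_id  # compared as an exact string, no normalization
    raise ValueError("no IdP EntityDescriptor in metadata")

def find_conflicts(plan):
    """plan: (partnership_name, is_active, idp_metadata_xml) tuples.
    Returns {remote entity ID: [names]} for IDs used by 2+ active partnerships."""
    by_id = defaultdict(list)
    for name, active, metadata_xml in plan:
        if active:  # the restriction concerns active partnerships
            by_id[remote_entity_id(metadata_xml)].append(name)
    return {eid: names for eid, names in by_id.items() if len(names) > 1}

def sample_idp_metadata(entity_id):
    """Constructed minimal IdP metadata for the demonstration."""
    return (f'<EntityDescriptor xmlns="{MD_NS}" entityID="{entity_id}">'
            '<IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>')

# Constructed values: one shared IdP entity ID, as in the scenario above.
SHARED = "https://idp.example.test/adfs/services/trust"
PLAN = [
    ("App1-Partnership", True, sample_idp_metadata(SHARED)),
    ("App2-Partnership", True, sample_idp_metadata(SHARED)),
    ("App3-Partnership", False, sample_idp_metadata(SHARED)),
    ("App4-Partnership", True,
     sample_idp_metadata("https://idp2.example.test/adfs/services/trust")),
]

if __name__ == "__main__":
    for eid, names in find_conflicts(PLAN).items():
        print(f"{eid} reused by active partnerships: {', '.join(names)}")
```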

Additional Information

Attachments

1685629381869__IssuerId_fix_1287.zip