Partnership not working when SPID contains "&" chars

book

Article ID: 35389

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Problem

When Configuring Partnership and especially with EntityID(IDPID and SPID), you can use URL as per documentation but if you are using special chars like "&" it is failing.

For example, configuring SPID with format like : https://server.domain.com/toto/url.jsp?key=561901&field=titi&type=3 is failing.

Indeed the Federation services fails to retreive the Servide Provider ID until https://server.domain.com/toto/url.jsp?key=561901

Environment

Any Siteminder AdminUI environment : 12.5 / 12.51 / 12.52 / 12.52 SP1 when configuring entitied for partnerships

Any SecureCloud environment : 1.5x

Resolution

You can not use the "&" in the SPID as it is a special char part of a query string like "?"

Because the ampersand character in the EntityID query string will be recognized as a separate query parameter.

The below Reference URL is more appropriate, which states


•    An entity ID: 1) MUST be a URI, 2) SHOULD be an absolute URL, and 3) SHOULD NOT be a URN
•    The entity ID MUST be globally unique to avoid name collisions both within the Federation and across federations
•    If the entity ID is a URL (which is strongly RECOMMENDED), then:
o    the host part of the URL MUST be a name rooted in the organization's Primary DNS Domain
o    the URL MUST NOT contain a port number, a query string, or a fragment identifier

https://spaces.internet2.edu/display/InCFederation/Entity+Ids

Recommended EntityID would be :

Invalid EntityID would be :

 

Environment

Release:
Component: SMAUI