Problem

When Configuring Partnership and especially with EntityID(IDPID and SPID), you can use URL as per documentation but if you are using special chars like "&" it is failing.

For example, configuring SPID with format like : https://_host.example.com/xxx/url.jsp?key=561901&field=titi&type=3 is failing.

Indeed the Federation services fails to retreive the Servide Provider ID until https://_host.example.com/toto/url.jsp?key=561901

Environment

Any Siteminder AdminUI environment : 12.5 / 12.51 / 12.52 / 12.52 SP1 when configuring entitied for partnerships

Any SecureCloud environment : 1.5x

Resolution

You can not use the "&" in the SPID as it is a special char part of a query string like "?"

Because the ampersand character in the EntityID query string will be recognized as a separate query parameter.

The below Reference URL is more appropriate, which states

•    An entity ID: 1) MUST be a URI, 2) SHOULD be an absolute URL, and 3) SHOULD NOT be a URN
•    The entity ID MUST be globally unique to avoid name collisions both within the Federation and across federations
•    If the entity ID is a URL (which is strongly RECOMMENDED), then:
o    the host part of the URL MUST be a name rooted in the organization's Primary DNS Domain
o    the URL MUST NOT contain a port number, a query string, or a fragment identifier

https://spaces.internet2.edu/display/InCFederation/Entity+Ids

Recommended EntityID would be :

• https://idp_name.example.com/idp
• https://idp_name.example.com/sp

Invalid EntityID would be :

• http://_idp.example.com/affwebservices/public/saml2sso?SPID=http://_host.example.org?key=xxx&test=1
• http://_idp.example.com/affwebservices/public/saml2sso?SPID=http://_host.example.org?key=xxx (may work but not advisable to use)