Siteminder: Denying invalid request with both AssertionConsumerServiceURL and AssertionConsumerServiceIndex attributes set
search cancel

Siteminder: Denying invalid request with both AssertionConsumerServiceURL and AssertionConsumerServiceIndex attributes set

book

Article ID: 369916

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

SP Initiated Federation AuthnRequest getting 403 forbidden error when the login attempt to Federation application.

Environment

PolicyServer: 12.8 SP7

Access Gateway: 12.8 SP7

Cause

AuthnRequest containing both AssertionConsumerServiceURL and AssertionConsumerServiceIndex.

Resolution

As per the OASIS SAML specification,

AssertionConsumerServiceURL attribute is mutually exclusive with the AssertionConsumerServiceIndex attribute.

Additional Information

Oasis SAML Reference:

https://groups.oasis-open.org/higherlogic/ws/public/download/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf

Powered by Wolken Software