SAML2.0 Auth Scheme failure


Article ID: 37673

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Problem: 

When trying to create a SAML 2.0 authentication scheme, the task fails with the following error in the WAM UI:

Error: Task failed.

Fatal: Failed to execute CreateSAMLv2IdPEvent. ERROR MESSAGE: smApiWrappedException:CA.SM::[email protected]: Create failed. (Unknown Failure)

Environment:  

Federation versions running 12.51, 12.52 and AD LDS as policy store

Cause: 

There is a limitation in AD LDS when it is used as the policy store: an object cannot be created if its name contains more than 22 characters. If you create an object such as a SAML authentication scheme with a name longer than 22 characters, you will see the error below in the smps log and the error above in the Admin UI.

You will see the below error in smps.log:

[24564/3908668272][Thu Sep 03 2015 18:51:06][SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'PropertySection' . LDAP Error creating new PropertySection object

Resolution: 

To resolve the issue, create SAML 1.x/2.0 and WS-Federation authentication schemes with names of fewer than 22 characters. This is not a limitation of SiteMinder itself; it is a limitation of AD LDS.
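As an added illustration (not CA/Broadcom code), the following Python helper parses smps.log lines in the layout shown above, flags the sm-Server-03090 'Save' failure on a PropertySection object, and pre-checks a proposed authentication scheme name against the AD LDS limit. The log line layout, the regular expressions, and the helper names are assumptions based on the single line quoted in this article; the sample log is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption taken from the article: AD LDS rejects object names longer than 22 characters.
AD_LDS_MAX_NAME_LEN = 22

# Assumed smps.log layout, inferred from the quoted line:
# [pid/tid][timestamp][file:line][LEVEL][code] message
LOG_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<ts>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<code>[^\]]+)\]\s*(?P<msg>.*)$"
)
OBJ_TYPE_RE = re.compile(r"object type '(?P<otype>[^']+)'")


@dataclass
class SmpsEvent:
    timestamp: str
    level: str
    code: str
    object_type: Optional[str]
    message: str


def parse_smps_line(line: str) -> Optional[SmpsEvent]:
    """Split one smps.log line into fields; returns None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ot = OBJ_TYPE_RE.search(m["msg"])
    return SmpsEvent(m["ts"], m["level"], m["code"], ot["otype"] if ot else None, m["msg"])


def is_policy_store_save_failure(ev: SmpsEvent) -> bool:
    """True for the sm-Server-03090 'Save' failure the article ties to the AD LDS name limit."""
    return ev.level == "ERROR" and ev.code == "sm-Server-03090" and "failed operation 'Save'" in ev.message


def check_scheme_name(name: str, max_len: int = AD_LDS_MAX_NAME_LEN) -> Optional[str]:
    """Return None if the proposed scheme name fits the AD LDS limit, otherwise a reason string."""
    if len(name) > max_len:
        return f"name is {len(name)} characters; AD LDS policy store allows at most {max_len}"
    return None


# Constructed sample: the article's error line plus one unrelated filler line.
SAMPLE_LOG = [
    "[24564/3908668272][Thu Sep 03 2015 18:51:06][SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'PropertySection' . LDAP Error creating new PropertySection object",
    "[24564/3908668272][Thu Sep 03 2015 18:51:07][SmServer.cpp:10][INFO][sm-Server-00000] constructed filler line",
]


def find_save_failures(lines: List[str]) -> List[SmpsEvent]:
    events = (parse_smps_line(l) for l in lines)
    return [e for e in events if e and is_policy_store_save_failure(e)]
```

Running `check_scheme_name` on a planned name before creating the scheme avoids the round trip through the Admin UI failure and the smps.log search.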

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: