SAML2.0 Auth Scheme failure



Article ID: 37673




Products:
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On



When trying to create a SAML2.0 authentication scheme in the AdminUI, the task fails with the following error:

Error: Task failed.

Fatal: Failed to execute CreateSAMLv2IdPEvent. ERROR MESSAGE: smApiWrappedException:CA.SM::SAMLv2IdP@21-xxxxxxxx-xxxx-1xxx-8xxx-exxxxxxxxx: Create failed. (Unknown Failure)






Policy Server: 12.8.x, with AD LDS as the policy store


When AD LDS is used as the policy store, it imposes a limitation: an object whose name is longer than 22 characters cannot be created.

If you create an object such as a SAML authentication scheme with a name of more than 22 characters, the error above appears in the AdminUI and the following error is written to smps.log.

Error in smps.log:

[SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed operation 'Save' for object type 'PropertySection' . LDAP Error creating new PropertySection object


To resolve the issue, give SAML 1.x/2.0 and WS-Federation (WSFED) authentication schemes names shorter than 22 characters.

This is not a SiteMinder limitation; it is a limitation of AD LDS.
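The following pre-flight check is an added example, not code from this article or from Broadcom. It validates planned federation scheme names against the AD LDS limit before they are submitted through the AdminUI, and it scans smps.log lines for the 'Save' failure on PropertySection objects that the article ties to over-long names. Assumptions not stated by the article: the limit is counted in characters rather than bytes (non-ASCII names are therefore flagged for manual verification), the scheme-kind labels are this example's own, the log line pattern is derived from the single line quoted above, and the sample log lines are constructed.

```python
"""Pre-flight check for CA Single Sign-On (SiteMinder) federation scheme
names when AD LDS is the policy store, plus an smps.log scanner.

Added example, not the vendor's code. See the lead-in for assumptions.
"""
import re
from typing import Iterable, List, NamedTuple, Tuple

# Per the article: SAML 1.x/2.0 and WS-Federation scheme names must be
# shorter than 22 characters when AD LDS is the policy store.
AD_LDS_SCHEME_NAME_LIMIT = 22

# Scheme kinds the article names as affected. These labels are this
# example's own convention (assumption), not product identifiers.
FEDERATION_SCHEME_KINDS = frozenset({"SAML1.x", "SAML2.0", "WSFED"})


class NameCheck(NamedTuple):
    name: str
    ok: bool
    reason: str


def check_scheme_name(name: str, kind: str) -> NameCheck:
    """Decide whether `name` can be created for a scheme of `kind`.

    Length is counted in code points (assumption: the article does not say
    whether AD LDS counts bytes or characters), so a non-ASCII name is
    reported as needing manual verification even when it is short.
    """
    if kind not in FEDERATION_SCHEME_KINDS:
        return NameCheck(name, True, "kind not covered by the AD LDS limit")
    if not name.strip():
        return NameCheck(name, False, "empty name")
    if len(name) >= AD_LDS_SCHEME_NAME_LIMIT:
        return NameCheck(
            name, False,
            f"{len(name)} characters; AD LDS needs fewer than "
            f"{AD_LDS_SCHEME_NAME_LIMIT}",
        )
    if not name.isascii():
        return NameCheck(name, False,
                         "non-ASCII name: verify byte length against AD LDS")
    return NameCheck(name, True, "ok")


def check_scheme_names(planned: Iterable[Tuple[str, str]]) -> List[NameCheck]:
    """Run check_scheme_name over (name, kind) pairs; return only failures."""
    failures = []
    for name, kind in planned:
        result = check_scheme_name(name, kind)
        if not result.ok:
            failures.append(result)
    return failures


# Pattern derived from the one smps.log line quoted in the article.
_SAVE_FAILURE = re.compile(
    r"\[(?P<source>[^\]]+)\]\[ERROR\]\[(?P<code>sm-Server-\d+)\]\s+"
    r"Policy store failed operation '(?P<operation>\w+)' "
    r"for object type '(?P<object_type>\w+)'"
)


def find_policy_store_save_failures(lines: Iterable[str]) -> List[dict]:
    """Return the 'Save' failures on PropertySection objects found in
    smps.log lines, the symptom the article ties to over-long names."""
    hits = []
    for line in lines:
        m = _SAVE_FAILURE.search(line)
        if m and m["operation"] == "Save" and m["object_type"] == "PropertySection":
            hits.append(m.groupdict())
    return hits


# Constructed sample log for the example; only the second line is the one
# the article quotes, the others are made up to exercise the filter.
SAMPLE_SMPS_LOG = [
    "[Example.cpp:1][INFO][example] constructed benign line",
    "[SmObjProvider.cpp:187][ERROR][sm-Server-03090] Policy store failed "
    "operation 'Save' for object type 'PropertySection' . LDAP Error "
    "creating new PropertySection object",
    "[Example.cpp:2][ERROR][sm-Server-03090] Policy store failed operation "
    "'Delete' for object type 'PropertySection' . constructed variant",
]

if __name__ == "__main__":
    planned = [("SAML2-partnerA", "SAML2.0"),
               ("SAML2.0 Authentication Scheme for Partner B", "SAML2.0")]
    for bad in check_scheme_names(planned):
        print(f"REJECT {bad.name!r}: {bad.reason}")
    for hit in find_policy_store_save_failures(SAMPLE_SMPS_LOG):
        print(f"smps.log {hit['code']} from {hit['source']}: "
              f"{hit['operation']} failed on {hit['object_type']}")
```

Run the name check over the list of schemes you intend to create (or import via XPS) before touching the AdminUI; if the log scanner reports hits after a failed create, a name longer than the limit is the first thing to check.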