activeResponse error : Failed to get IIDSamlAttribute from Active Response

book

Article ID: 37696

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Issue: 

We are not receiving session attributes in SAML assertion and http headers after doing all the things like creating SAML 2.0 authentication scheme, set redirect mode to persist data and defined the respective rules and siteminder is acting as service provider. Still we are getting the below error:

active Response: Failed to get IIDSamlAttribute from Active response

Environment:  

SiteMinder versions running 12.5, 12.51, 12.52    

Cause: 

As the attributes seems to have been retrieved from SAML assertion and we are using session store enabled for this environment and the active response which we have created and mapped it in the policy doesn't look like getting the Session attributes derived in the active response and looks like the configuration is missing somewhere.

Resolution:

Please make sure that the realm should be persistent where you have mapped the SAML 2 authentication scheme.

 

Please note: If you want to add attributes to an assertion, please make sure that you are selecting the authentication scheme is configured to persist session attributes.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component: