SAML Metdata with AttributeService Fails to import from Administrative UI with Error "System error trying to perform entity import."
search cancel

SAML Metdata with AttributeService Fails to import from Administrative UI with Error "System error trying to perform entity import."

book

Article ID: 39016

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description

"System error trying to perform entity import."  error is popping up whenever attempting to import a Metadata that contains AttributeService

 

Resolution 

if AttributeService is being used , you need to check if AttributeService Binding contains a supported binding protocol .

Per SAML specification guide Section 6.3.1 Query/Request issued by SAML Requester , The SAML requester MUST use a synchronous binding, such as the SOAP binding [SAMLBind] 

"https://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf" 

Siteminder supports SOAP binding for AttributeService.

In case the below for example was sent in the Metadata , the Import will fail from Administrative UI with error "System error trying to perform entity import."  

<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://one.ca.com/6033"/>

 

 

 

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:
Powered by Wolken Software