Our application works only as an SP and responds to SP-initiated requests. This application HTTP-POSTs a SAML request to SiteMinder, and a SAML response needs to be generated in response to that SAML request.
SiteMinder Policy Server 12.0 SP3
Web Agent 12.0 QMR03
This issue arises because version 12.0 of SiteMinder supports only the HTTP-REDIRECT binding for SP-initiated SAML requests. In addition, the InResponseTo attribute is never populated in an IdP-initiated request, because an IdP-initiated request is unsolicited.
In your .jsp page, instead of forcing it to be an IdP request, convert the HTTP-POST SAMLREQUEST parameter into HTTP-REDIRECT:
1) Decode SAML request using the HTTP-POST binding decoding method
2) Re-encode the SAML request using HTTP-REDIRECT binding
You should then be able to construct a URL like this:
HTTP://IDP/AFFWEBSERVICES/PUBLIC/SAML2SSO?SAMLREQUEST=<REDIRECT encoded assertion>
This "converts" the binding so that an application that requires HTTP-POST can work with the HTTP-REDIRECT binding that SiteMinder 12.0 supports.
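The two steps above in Java, as an added example that is not part of the original article or of SiteMinder. The class and method names, the size limit and the sample request are assumptions; `idp` is the placeholder host from the URL above, and the query parameter uses the SAML 2.0 bindings spelling `SAMLRequest`, with the optional `RelayState` parameter from the same specification.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;

public class SamlBindingConverter {
    // Assumed size limit for an AuthnRequest; rejects oversized form input early.
    private static final int MAX_XML_BYTES = 64 * 1024;

    // Step 1: the HTTP-POST binding carries the XML as plain base64, uncompressed.
    static byte[] decodePostBinding(String postParam) {
        byte[] xml = Base64.getDecoder().decode(postParam.replaceAll("\\s", ""));
        if (xml.length == 0 || xml.length > MAX_XML_BYTES)
            throw new IllegalArgumentException("SAMLRequest size out of bounds");
        return xml;
    }

    // Step 2: the HTTP-Redirect binding is raw DEFLATE, then base64, then URL-encoding.
    static String encodeRedirectBinding(byte[] xml) throws Exception {
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // true = no zlib header
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, raw)) {
            out.write(xml);
        } finally {
            raw.end();
        }
        String b64 = Base64.getEncoder().encodeToString(buf.toByteArray());
        return URLEncoder.encode(b64, "UTF-8");
    }

    // Builds the URL to redirect the browser to. An enveloped ds:Signature in the POSTed
    // XML does not carry over: signed Redirect requests use SigAlg/Signature parameters.
    static String toRedirectUrl(String idpSsoUrl, String postParam, String relayState) throws Exception {
        String url = idpSsoUrl + "?SAMLRequest=" + encodeRedirectBinding(decodePostBinding(postParam));
        if (relayState != null && !relayState.isEmpty())
            url += "&RelayState=" + URLEncoder.encode(relayState, "UTF-8");
        return url;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample AuthnRequest standing in for the SP's POSTed form field.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " ID=\"_example1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\"/>";
        String postParam = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println(toRedirectUrl(
                "http://idp/affwebservices/public/saml2sso", postParam, "constructed-state"));
    }
}
```

In the .jsp page, the `postParam` argument would be the POSTed form field and the returned URL the target of the browser redirect.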
Example of an online tool to encode/decode SAML requests: