Unable to activate multiple SAML federation partnerships for the same remote Service Provider (SAP S/4HANA) in SiteMinder 12.8

Article ID: 438160

Products

SITEMINDER CA Single Sign-On

Issue/Introduction

When attempting to activate a second Federation Partnership that shares a remote Service Provider (SP) entity with an existing partnership, the Administrative UI (AdminUI) returns the following error:

"The remote entity can only be used in one partnership. Deactivate the partnership or add a disambiguation ID to the local entity to make the entity unique."

Despite the error message suggesting the use of a Disambiguation ID, the field is not visible or available within the Partnership or Entity configuration pages in the AdminUI.

Environment

  • AdminUI 12.8 SP8 CR01
  • Policy Server 12.8 SP8 CR01
  • Remote Entity: SAP S/4HANA (or any SP requiring multiple partnerships with the same Entity ID)

Cause

In SiteMinder 12.8 and earlier versions, the Policy Store schema enforces a unique constraint on Remote Entity IDs within partnerships (1).

While the error message referencing "Disambiguation ID" may appear in certain 12.8 patches due to partial code alignment, the Disambiguation ID feature is a major architectural implementation that was not fully introduced until SiteMinder 12.9. This feature requires coordinated updates across the Policy Server, Administrative UI, Access Gateway (SPS), and the Policy Store schema itself.

Resolution

Recommended Action: Upgrade to SiteMinder 12.9

The Disambiguation ID functionality is a core feature of the 12.9 release (2). It allows a single Remote Entity ID to be used across multiple partnerships by appending a unique internal identifier.

  • Requirement: To utilize this feature, the Policy Server, AdminUI, Access Gateway, and Policy Store must all be at version 12.9.
  • Reasoning: Because this feature involves schema changes and cross-component logic, it cannot be provided as a simple "hotfix" or backport for the 12.8 branch.

Workaround for Version 12.8

If an upgrade is not immediately feasible, you must ensure each partnership uses a unique Remote Entity ID.

  1. SAP Virtual Providers: Check if SAP S/4HANA supports the configuration of multiple "Virtual Providers" or unique "SAML Identities."
  2. Unique Entity IDs: Configure the SAP side to provide a distinct Entity ID for each specific application or tenant (3)(4).
  3. Define Multiple Remote Entities: In SiteMinder, create separate Remote SP Entities for each unique ID provided by SAP, then map them to their respective partnerships.
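A pre-flight check for the workaround above, added here as an example (it is not part of the original article or of SiteMinder): it reads the SAML 2.0 SP metadata each planned partnership would import and reports any remote Entity ID shared by more than one partnership. The partnership names, URLs and metadata documents are constructed, and Entity IDs are assumed to be compared as exact strings.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

def sp_metadata(entity_id, acs_url):
    """Build a constructed SP metadata document (sample input, not real SAP output)."""
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'entityID="{entity_id}"><md:SPSSODescriptor '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:AssertionConsumerService index="0" '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'Location="{acs_url}"/></md:SPSSODescriptor></md:EntityDescriptor>'
    )

# Constructed plan: hypothetical partnership name -> SP metadata it will import.
PLANNED = {
    "s4h-finance": sp_metadata("https://s4h.example.com/sp", "https://s4h.example.com/fin/acs"),
    "s4h-hr": sp_metadata("https://s4h.example.com/sp", "https://s4h.example.com/hr/acs"),
    "s4h-portal": sp_metadata("https://s4h.example.com/portal", "https://s4h.example.com/portal/acs"),
}

def parse_sp(xml_text):
    """Return (entityID, [ACS URLs]) from one SAML 2.0 SP metadata document."""
    if "<!DOCTYPE" in xml_text:
        # Metadata never needs a DTD; refuse it rather than expand entities.
        raise ValueError("DTD in metadata rejected")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not a single-entity SAML 2.0 metadata document")
    acs = [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]
    return root.get("entityID").strip(), acs

def find_collisions(planned):
    """Map each remote Entity ID used by more than one partnership to those partnerships."""
    by_entity = defaultdict(list)
    for name, xml_text in planned.items():
        entity_id, _acs = parse_sp(xml_text)
        by_entity[entity_id].append(name)
    return {eid: sorted(names) for eid, names in by_entity.items() if len(names) > 1}

if __name__ == "__main__":
    for eid, names in find_collisions(PLANNED).items():
        print(f"{eid}: shared by {', '.join(names)}; 12.8 allows only one active partnership")
```

Any Entity ID the check reports needs a distinct value on the SAP side before its partnerships can be active together in 12.8.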

Additional Information

  1. SiteMinder 12.8 Release Documentation

  2. SiteMinder 12.9 Release Notes: Support for Using the Same Remote Entity ID in Multiple SAML 2.0 Partnerships

  3. SAML 2.0 Local IdP Entity Dialog (12.9 Documentation)

  4. SAML 2.0 Local SP Entity Configuration (12.9 Documentation)