500 error when directly accessing ADFS RP based Target page (Legacy_Onyx KB Id: 258387)
search cancel

500 error when directly accessing ADFS RP based Target page (Legacy_Onyx KB Id: 258387)


Article ID: 55056


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When we access from WS-Federation (ADFS) Account Provider (AP), we use the following URLl


enter credentails, then we successfully access the WS_Fed auth protected resource on the SiteMinder Resource Provider side, which is

https://example.rp.com/fedapp/ --> this is siteminder protected resource.

Starting a new session, we are now trying to access the target page directly i.e.


and we would like to redirect the user to the original ADFS url which is


We tried several rules/responses but cannot get this to work. In fact it does not seem to hit the policy server at all.
We are observing 500 errors from the web agent and web agent trace logs.


This use case will always fail with the following error:

[444/2952][Tue Oct 09 2007 13:08:14][CSmHttpCredCore.cpp:1031][ERROR] User is trying to access a resource protected with federation auth scheme without fed auth scheme credentials. No way to challenge the user.

No event will be triggered that will result in a Status redirect from the Auth Scheme or a redirect response from Policy.

It may also be possible to accomplish this use case by configuring a custom 500 error page to be returned for the ADFS protected resource. Refer "Custom Error Handling for Applications" section in Web Agent Configuration Guide for more details.


Component: SMPLC