ADFS Rejecting SAML Assertion

book

Article ID: 74917

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

ADFS is rejecting the assertion from SM, complaining that the SPID was not passed in URI format.  The SPID format is 'unspecified'.

Cause

Regardless of the attribute format, ADFS expects the SPID to be of the https://name.sub.domain format.  As Siteminder doers not have such a limitation, the customer had configured a value without 'https://' in front of it.

Environment

Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
Component:

Resolution

Configure the SPID value to be URI format.  It should look like a root URL: https://SPID.company.com