ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

federation Single Logout Failing with ACS_FAILED_PROCESS_FAILURE


Article ID: 77015


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are setting-up a SAML 2.0 federation Partnership with an external IdP where CA SSO is acting as the SP. 

While configuring Single Logout, when we select SLO Binding (HTTP-Redirect and/or HTTP-Post) and activate the partnership, the authentication is broken and we get the below error:

The affwebservice.log shows a ACS_FAILED_PROCESS_FAILURE 
5912/3076][Thu Sep 07 2017 08:16:05][][ERROR][sm-FedClient-00360] SAML Assertion based user authentication failed. () 
[5912/3076][Thu Sep 07 2017 08:16:05][][ERROR][sm-FedClient-02890] Transaction with ID: be5b4d91-557c5060-f01125a6-75de8b42-445cf089-1 failed. 


How can we resolve this?


CA SSO Version r12.52 SP2 CR01 on Windows 2012 R2 
CA Access Gateway r12.52-sp01-cr06 on Windows 2012 R2 


This issue has been fixed in Policy Server 12.52 SP1 CR9