Federation Single Logout Failing with ACS_FAILED_PROCESS_FAILURE

Article ID: 77015

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We are setting up a SAML 2.0 federation partnership with an external IdP where CA SSO is acting as the SP.

While configuring Single Logout, when we select SLO Binding (HTTP-Redirect and/or HTTP-Post) and activate the partnership, the authentication is broken and we get the below error:

The affwebservice.log shows an ACS_FAILED_PROCESS_FAILURE:

[5912/3076][Thu Sep 07 2017 08:16:05][FWSBase.java][ERROR][sm-FedClient-00360] SAML Assertion based user authentication failed. ()
[5912/3076][Thu Sep 07 2017 08:16:05][AssertionConsumer.java][ERROR][sm-FedClient-02890] Transaction with ID: be5b4d91-557c5060-f01125a6-75de8b42-445cf089-1 failed. Reason: ACS_FAILED_PROCESS_FAILURE (, , )

How can we resolve this?

Environment

CA SSO Version r12.52 SP2 CR01 on Windows 2012 R2 
CA Access Gateway r12.52-sp01-cr06 on Windows 2012 R2 

Resolution

This issue has been fixed in Policy Server 12.52 SP1 CR9.
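
To check an affwebservice.log for this failure, the following added example (not CA/Broadcom code) parses entries in the bracketed layout of the excerpt above and reports each failed transaction with its reason code, whether the Reason text is on the same line or on a continuation line. The function names are hypothetical, and the sample input is the two log lines quoted in this article.

```python
import re
from collections import Counter

# Entry layout as seen in the excerpt: [pid/tid][timestamp][source][level][message id] text
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]"
    r"\[(?P<ts>[^\]]+)\]"
    r"\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]"
    r"\[(?P<msgid>[^\]]+)\]\s*(?P<text>.*)$"
)
TXN_RE = re.compile(r"Transaction with ID: (?P<txn>\S+) failed\.")
REASON_RE = re.compile(r"Reason: (?P<reason>[A-Z_]+)")

# Sample input: the two entries quoted in this article, with the Reason text
# placed on a continuation line to exercise that case.
SAMPLE_LOG = """\
[5912/3076][Thu Sep 07 2017 08:16:05][FWSBase.java][ERROR][sm-FedClient-00360] SAML Assertion based user authentication failed. ()
[5912/3076][Thu Sep 07 2017 08:16:05][AssertionConsumer.java][ERROR][sm-FedClient-02890] Transaction with ID: be5b4d91-557c5060-f01125a6-75de8b42-445cf089-1 failed.

Reason: ACS_FAILED_PROCESS_FAILURE (, , )
"""

def failed_transactions(log_text):
    """Return one dict per failed transaction, with its reason if logged."""
    failures, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            current = None  # a new entry ends any pending continuation
            txn = TXN_RE.search(m["text"])
            if m["level"] == "ERROR" and txn:
                current = {"timestamp": m["ts"], "thread": f"{m['pid']}/{m['tid']}",
                           "transaction_id": txn["txn"], "reason": None}
                failures.append(current)
            body = m["text"]
        else:
            body = line  # continuation of the previous entry
        reason = REASON_RE.search(body)
        if current is not None and reason and current["reason"] is None:
            current["reason"] = reason["reason"]
    return failures

def reason_counts(log_text):
    """Count failures per reason code, e.g. to compare logs before and after a fix."""
    return Counter(f["reason"] for f in failed_transactions(log_text))
```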