CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected

book

Article ID: 108654

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Our CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

How can we resolve this?

Cause

This issue was identified in Siteminder 12.52 base and above

DE342317    
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation

Environment

Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1 
Access Gateway(Secure Proxy Server) version: 12.52 on Linux6.9

Resolution

Upgrading the Access Gateway(Secure Proxy Server) version to 12.52 SP1 CR9 resolved the issue.

Note:

Even the referenced readme identifies the issue in the Siteminder Webagent Option Pack, the issue is also identified in CA Access Gateway(Secure Proxy Server)

Additional Information

DE342317    
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation