Client Authentication Fails for SAML Artifact Single Sign-on

Symptom:

Client certificate authentication for SAML 1.x artifact single sign-on fails at the producer. The following error is logged in the web agent trace logs:

Setting HTTP response variable HTTP_consumer_name=from SiteMinder

For example, if the Attribute Name in the response is configured as "name" for an LDAP User Directory, the response fails.

Solution:

Verify that you have created a Web Agent response under the domain FederationWebServicesDomain. The response must be configured as follows:

Attribute type: WebAgent HTTP Header variable

Attribute Kind: User Attribute

Variable Name: consumer_name

Attribute Name: uid (for LDAP) or name (for ODBC)