Symptom:
Users could not use Microsoft Outlook to log in to an email account hosted by Exchange Online, which is part of Office 365. The algorithm for signing assertions prevented successful authentication.
Solution:
Microsoft has fixed the issue and it is no longer a problem.
Symptom:
Same issue as CloudMinder (CQ 169860)
Testing SSO between CloudMinder and an application that was developed
using Windows Identity Foundation (WIF) for federation.
The CloudMinder operations team has set up a WS-Federation partnership with
the application, where CloudMinder is the IDP
When the users go to the application, they are redirected to CloudMinder. He
can authenticate successfully to CloudMinder and CloudMinder then redirects
the user back to the application with the WS-Fed response message.
The application is failing to validate the response message. It is throwing
an error about an incorrectly formatted date-time.
Solution:
This defect has been fixed indirectly by addressing the problem through CloudMinder.
Star issue
Symptom:
There is an issue in federation between SiteMinder and Microsoft ACS. ACS is strict about the sequence of the XML response. They matched the schema defined here:
http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
which indicates that the Signature element should appear directly after the Issuer.
In the SAML response captured from SiteMinder, the Signature is coming at the end after the AttributeStatement.
Solution:
This problem has been corrected.
Star issue 21710666-01
Symptom:
The Metadata of an SP object is imported as that of an IDP object.
Solution:
This issue is resolved.
STAR issue: 21696321-01
Symptom:
Administrative UI does not provide an option to configure the NameQualifier attribute for partnerships.
Solution:
This issue is fixed. You can use the Java VM configuration directive -DREMOVE_EMPTY_SAML_NAMEQUALIFIER_ATTRIBUTE=TRUE and set it to true if it wants to remove the NameQualifier attribute name when the value is empty or null. However, the default will be false, ie. if this directive was never set or if the directive is set to false. If the directive is false, then the NameQualifier attribute name will be present in the NameIdentifier tag whether there is a value associated with the NameQualifier attribute.
STAR issue: 21562902-1
Symptom:
The customer receives large data from his federation partner to send to Target URL and to Provisioning URL. The customer was concerned that the data can get lost when stored in the cookie, because of the data length limitation. The customer requested that the data be sent in the form of POST to the Target Application and the Provisioning Application instead of using the cookie.
Solution:
This change has been made.
Star issue 21268919;1
Symptom:
While exporting an entity and specifying –pubkey or –sing option caused the fedexport utility to fail.
Solution:
This problem has been corrected.
Star issue 21594883
Symptom:
Import into CA SiteMinder® Federation failed for the SP entity from a multi-entity XML metadata file. The metadata has both an IdP and an SP with the same entity name. The confirmation screen showed the SP to be imported and created. After completing the import, the IdP was imported, not the SP.
Solution:
This problem has been corrected.
Star issue 21588277-1
Symptom:
A user specified as needing access to affwebservices during partnership creation was denied access. The user directory was Active Directory and the user class was Group.
Solution:
This problem has been corrected.
Star issue 21422866
Symptom:
The decrypted assertion was available in postDisambiguateUser() method to the MCP, and not available in postAuthenticateUser() method to the MCP. Customer had a requirement to have the decrypted assertion available in the postAuthenticateUser() method to the MCP.
Solution:
This problem has been corrected.
Star issue 21407539
Symptom:
The customer was acting as the Service Provider and using persist attributes as redirect mode.
While invoking the session server, the following exception appeared in the smtrace logs:
[09/24/2013][12:58:27][9884][8812][SamlValidator.java][smAuthenticate][][][][][][][][][][][][][][Beginning to invoke session server interface][][][12:58:27.666] [09/24/2013][12:58:27][9884][8812][SamlValidator.java][smAuthenticate][][][][][][][][][][][][][][Processing attribute data. Name: urn:mace:dir:attribute-def:mail Value: Janet.Peri@uth.tmc.edu][][][12:58:27.666] [09/24/2013][12:58:27][9884][8812][SamlValidator.java][smAuthenticate][][][][][][][][][][][][][][SamlValidator (SAML POST/Pass 2)Caught unknown exception or error: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String - Stacktrace: java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
Solution:
This problem has been corrected.
Star issue 21545080-1
Symptom:
Customer reported that they saw a null pointer exception for the certs for every certificate cache update interval.
Solution:
This problem has been corrected.
Star issue 21566550;1
Symptom:
A customer request thatthis error message be reworded:
“Release is not the WA-OP - not doing anything”
Solution:
After the correction:
“Cannot initialize; Likely caused by uninitialized NETE_WA_ROOT environment variable"
Star issue 21538180
|
Copyright © 2014 CA.
All rights reserved.
|
|