Verify that Existing Partnerships Have Unique Backchannel User Names

During an HTTP-Artifact single sign-on transaction, the asserting party returns the assertion to the relying party over a secured back channel. You can require an entity to authenticate to access the back channel. If you select Basic as the authentication method for the back channel, a user name is needed.

Before you upgrade, verify that each federated partnership within the same SAML profile uses a unique user name for the incoming back channel. No two SAML 2.0 or two SAML 1.x partnerships can share an incoming back channel user name.

Note: A SAML 1.x and a SAML 2.0 partnership can share an incoming back channel user name, but it is not recommended.

If there are partnerships of the same protocol that share an incoming back channel user name, do the following steps before you upgrade:

  1. Deactivate one of the partnerships.
  2. Change the back channel user name that is defined in that partnership.
  3. Inform the remote partner of the change.
  4. Reactivate the partnership.
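
One way to run the pre-upgrade uniqueness check over an inventory of partnerships, shown as an added example that is not part of the product or its documentation. The CSV layout, column names, partnership names, and the case-insensitive comparison are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory, compiled by hand from partnership settings.
# The column names are hypothetical; this is not a product export format.
SAMPLE_INVENTORY = """partnership,protocol,backchannel_auth,incoming_username
PartnerA-SP,SAML 2.0,Basic,fedpartner
PartnerB-SP,SAML 2.0,Basic,FedPartner
PartnerC-Consumer,SAML 1.1,Basic,fedpartner
PartnerD-SP,SAML 2.0,Other,
PartnerE-Consumer,SAML 1.0,Basic,legacy
PartnerF-Consumer,SAML 1.1,Basic,legacy
"""

def protocol_family(protocol):
    """Map a protocol label to the family the uniqueness rule applies to."""
    p = protocol.strip().upper().replace(" ", "")
    if p.startswith("SAML2"):
        return "SAML 2.0"
    if p.startswith("SAML1"):
        return "SAML 1.x"
    raise ValueError(f"unrecognized protocol: {protocol!r}")

def check_backchannel_usernames(inventory_csv):
    """Return (conflicts, warnings) for the incoming back channel user names."""
    by_family = defaultdict(list)
    families_by_user = defaultdict(set)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Only Basic authentication uses a back channel user name.
        if row["backchannel_auth"].strip().lower() != "basic":
            continue
        # Assumption: compare case-insensitively to err on the side of flagging.
        user = row["incoming_username"].strip().casefold()
        family = protocol_family(row["protocol"])
        by_family[(family, user)].append(row["partnership"])
        families_by_user[user].add(family)
    # Shared within one protocol family: must be resolved before the upgrade.
    conflicts = {k: v for k, v in by_family.items() if len(v) > 1}
    # Shared across SAML 1.x and SAML 2.0: allowed, but not recommended.
    warnings = {u: sorted(f) for u, f in families_by_user.items() if len(f) > 1}
    return conflicts, warnings

if __name__ == "__main__":
    conflicts, warnings = check_backchannel_usernames(SAMPLE_INVENTORY)
    for (family, user), names in sorted(conflicts.items()):
        print(f"CONFLICT {family} user '{user}': {', '.join(names)}")
    for user, families in sorted(warnings.items()):
        print(f"WARNING  user '{user}' shared across {' and '.join(families)}")
```

Each reported conflict corresponds to one pass through the four steps above for one of the listed partnerships.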