Federation Security Services Guide › Troubleshooting › SAML 1.x-Only Issues › Consumer Not Authenticating When Accessing Assertion Retrieval Service

Consumer Not Authenticating When Accessing Assertion Retrieval Service

Symptom:

In an environment using SAML 1.x artifact single sign-on, the consumer fails authentication when trying to access the Assertion Retrieval Service at the producer.

Solution:

Depends upon the configured authentication:

• If Basic authentication is configured to protect the Assertion Retrieval Service, ensure that the Name and Password values specified in the Affiliate Properties dialog at the producer site match the Affiliate Name and Password values configured for the SAML Artifact authentication scheme at the consumer site.
• If client certificate authentication is configured to protect the Assertion Retrieval Service, ensure that the consumer's client certificate is valid and that it is present in the consumer's AM.keystore database. Additionally, ensure that the certificate of the Certificate Authority that issued the client certificate is present in the Web server key database at the producer.