Symptom:
Client certificate authentication for SAML 1.x artifact single sign-on fails at the producer and gives following error in the web-agent trace logs:
Setting HTTP response variable HTTP_consumer_name=from SiteMinder
For example, if the Attribute Name in the response is configured as "name" for an LDAP User Directory, the response will fail.
Solution:
Ensure that a Web Agent response is created under the domain FederationWebServicesDomain. The response should be as follows:
WebAgent HTTP Header variable
User Attribute
consumer_name
uid (for LDAP) or name (for ODBC)
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |