Federation Security Services Guide › Troubleshooting › SAML 1.x-Only Issues › Client Authentication Fails for SAML Artifact Single Sign-on

Client Authentication Fails for SAML Artifact Single Sign-on

Symptom:

Client certificate authentication for SAML 1.x artifact single sign-on fails at the producer and gives following error in the web-agent trace logs:

Setting HTTP response variable HTTP_consumer_name=from SiteMinder

For example, if the Attribute Name in the response is configured as "name" for an LDAP User Directory, the response will fail.

Solution:

Ensure that a Web Agent response is created under the domain FederationWebServicesDomain. The response should be as follows:

• Attribute type

  WebAgent HTTP Header variable

• Attribute Kind

  User Attribute

• Variable Name

  consumer_name

• Attribute Name

  uid (for LDAP) or name (for ODBC)