Symptom:
When the NameID in an assertion was set to X509SubjectName and the NameID was configured as an LDAP DN, the Policy Server at the Identity Provider was escaping all the commas in the NameID. This format is wrong because only commas (and other special characters) within attribute values should be escaped. The commas that separate the different parts of the DN should not be escaped.
STAR Issue: 17509310;01
Solution:
When the NameID is set to X509SubjectName and the content of the NameID is an LDAP DN, do not escape the commas separating the relative DNs. For example, the following DN is valid:
Uid = user1, dc=systemtest, dc=com
Copyright © 2010 CA. All rights reserved.