Client Authentication Fails for SAML Artifact Single Sign-on

Symptom:

Client certificate authentication for SAML 1.x artifact single sign-on fails at the producer and gives the following error in the Web Agent trace logs:

Setting HTTP response variable HTTP_consumer_name=from SiteMinder

For example, if the Attribute Name in the response is configured as "name" for an LDAP User Directory, the response will fail.

Solution:

Ensure that a Web Agent response is created under the domain FederationWebServicesDomain. The response should be as follows:

Attribute type: WebAgent HTTP Header variable

Attribute Kind: User Attribute

Variable Name: consumer_name

Attribute Name: uid (for LDAP) or name (for ODBC)