User Not Authorized Before Redirection to the Target Resource (46918)

Symptom:

If you configure a SAML authentication scheme and select Server Redirect as the mode by which the user is redirected to the target resource, the authentication scheme does not check whether the authenticated user is also authorized before redirecting the user to the target resource.

Solution:

To fix this problem, the administrator must define realms, rules, and policies to protect target resources. In Server Redirect mode, the target URL is defined relative to the context of the FWS servlet that consumes the assertion, not the root of the hosting web or application server. Specifically, the resource filter of the realm must start with /affwebservices.