Troubleshooting
Problem
A SAML Identity Provider is created with multiple Service Provider partners.
When two or more partner definitions have the same Assertion Consumer Service URL entry, IdP-initiated SSO or SP-initiated SSO fails.
Symptom
Cause
An Identity Provider definition can have multiple Service Provider partners.
Each partner has its own partner ID. However, some partners can have the same Assertion Consumer Service URL.
When multiple partner definitions have the same Assertion Consumer Service URL entry, the Identity Provider sends an assertion with incorrect attributes to the Assertion Consumer Service URL for the Service Provider.
Diagnosing The Problem
In the LMI, open each partner definition for the Identity Provider federation definition.
Switch to the Single Sign-on setting tab and get the binding URL.
Compare the binding URL of each partner to find partners that have the same binding method and URL pair.
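The same comparison can be scripted against the Service Provider metadata files before they are imported as partners. The following is an added example, not IBM code: it assumes the partner definitions are created from standard SAML 2.0 metadata, and the entity IDs, host names and file names are constructed sample values.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"


def sample_sp(entity_id, binding, location):
    """Build a minimal, constructed SP metadata document for the demo."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD}" entityID="{entity_id}">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<md:AssertionConsumerService index="0" Binding="{binding}" Location="{location}"/>'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    )


# Constructed sample input: sp-a and sp-b share one binding/URL pair;
# sp-c uses the same URL with a different binding, so it is a distinct pair.
SAMPLE_METADATA = {
    "sp-a.xml": sample_sp("https://sp-a.example.com", POST, "https://portal.example.com/acs"),
    "sp-b.xml": sample_sp("https://sp-b.example.com", POST, "https://portal.example.com/acs"),
    "sp-c.xml": sample_sp("https://sp-c.example.com", ARTIFACT, "https://portal.example.com/acs"),
}


def acs_endpoints(xml_text):
    """Yield (entityID, binding, location) for each ACS endpoint in one document."""
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so single-entity and aggregate files both work.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for acs in entity.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS):
            yield entity.get("entityID"), acs.get("Binding"), (acs.get("Location") or "").strip()


def find_shared_acs(documents):
    """Return {(binding, location): [entityIDs]} for pairs used by more than one partner."""
    owners = defaultdict(set)
    for xml_text in documents.values():
        for entity_id, binding, location in acs_endpoints(xml_text):
            owners[(binding, location)].add(entity_id)
    return {pair: sorted(ids) for pair, ids in owners.items() if len(ids) > 1}


if __name__ == "__main__":
    for (binding, location), ids in find_shared_acs(SAMPLE_METADATA).items():
        print(f"{location} [{binding}] is shared by: {', '.join(ids)}")
```

Each partner reported here is a candidate for its own Identity Provider federation, as described under Resolving The Problem.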
Resolving The Problem
Create a duplicate Identity Provider federation for each Service Provider partner that has a duplicate Assertion Consumer Service URL. For example, the myidp and myidp2 Identity Providers:
- www.myidp.ibm.com/isam/sps/myidp/saml20/
- www.myidp.ibm.com/isam/sps/myidp2/saml20/
Import the partner metadata for each Service Provider into each Identity Provider.
Make sure to import the correct Identity Provider metadata on each Service Provider.
Related Information
Document Location
Worldwide
Document Information
Modified date:
30 April 2023
UID
ibm16987449