Troubleshooting
Problem
Configuring an Identity Provider and a Service Provider as partners on the same appliance, or on the same external HVDB, is not recommended. Doing so might cause several features to function incorrectly. The problems that might be encountered include, but are not limited to, the following:
- HTTP Artifact binding SAML single sign-on flows do not work because of a key conflict when the messages are stored in the runtime database.
- The STS chain mappings created internally for the Identity Provider and the Service Provider will have identical ‘issuer’ and ‘applies to’ values, which can lead to unexpected behaviour during the runtime flow.
- Database contention occurs, because the DMAP entries could be inserted or modified simultaneously by the Identity Provider and the Service Provider.
Environment
IBM Security Access Manager virtual or hardware appliance
Resolving The Problem
It is recommended that an Identity Provider and a Service Provider that are partners reside on separate appliances configured with separate external HVDBs.
Document Location
Worldwide
Document Information
Modified date:
28 March 2019
UID
ibm10878847