Issue

Our CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected.

How can we resolve this?

Environment

Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1
Access Gateway(Secure Proxy Server) version: 12.52 on Linux6.9

Cause

This issue was identified in Siteminder 12.52 base and above

DE342317
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected.

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation

Resolution

Upgrading the Access Gateway(Secure Proxy Server) version to 12.52 SP1 CR9 resolved the issue.

Note:

Even the referenced readme identifies the issue in the Siteminder Webagent Option Pack, the issue is also identified in CA Access Gateway(Secure Proxy Server)

Additional Information

DE342317
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected.

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation

KD : KB000108654