Our CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected.
How can we resolve this?
Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1 Access Gateway(Secure Proxy Server) version: 12.52 on Linux6.9
This issue was identified in Siteminder 12.52 base and above
DE342317 Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected.
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation
Upgrading the Access Gateway(Secure Proxy Server) version to 12.52 SP1 CR9 resolved the issue.
Note:
Even the referenced readme identifies the issue in the Siteminder Webagent Option Pack, the issue is also identified in CA Access Gateway(Secure Proxy Server)
KD : KB000108654