
Getting "Target resource is not protected by a SAML authentication scheme" with SiteMinder r12.52 Federated Partnership

Question asked by dmt953 on May 12, 2016
Latest reply on May 14, 2016 by Kelly Wong

Hello folks,

We are currently on our SiteMinder r12.0 SP3 and we utilize the SAML component quite extensively functioning both as SAML IDP and also SAML SP. For the SAML SP role, we use the Legacy Federation Services with the Legacy UI to create a SAML 2.0 authentication template and we are very comfortable with this. Moving to the new r12.52 we are encouraged to use the new SAML Federation Partnership method to create IDP and SP entity IDs. I have been spending some time playing around with the new 12.52 Federation Partnership method to get comfortable with it but I am definitely a lot more comfortable with the good old "SAML 2.0 Authentication Scheme" method. So with the new Federation Partnership method, I set up a test SAML IDP/SP entityID/Partnership using OpenAM as the IDP and SiteMinder as the SP. This is where things get interesting because I need to create a new Realm to protect the SAML "TARGET" URL, but what authentication scheme do I specify for this realm? I don't have the option to choose something like "Federation Partnership Authentication Scheme".

I am pretty sure I am missing some simple configuration step for this, but if you folks can point me in the right direction, I would much appreciate it.

actionID: 1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f.]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][processSAMLResponse][IDPID (Issuer): http://vlslcosso10.regence.com:8081/opensso]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][SAML2Base.java][getIdentityProviderInfo][Trying to fetch SAML2.0 IDP Configuration from cache [CHECKPOINT = SSOSAML2_IDPCONFFROMCACHE_REQ]]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][SAML2Base.java][getIdentityProviderInfo][Obtained identity provider information from cache for: http://vlslcosso10.regence.com:8081/opensso.]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][FWSBase.java][getPartnershipSourceValue][Partnership source value = 1]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Reading the configuration to get the target url [CHECKPOINT = SSOSAML2_READTARGETURL_REQ]]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][targetURL:https://vlslcsmf01.regence.com/affwebservices/redirectjsp/vlslcosso10_landing.jsp usingRelayState: false]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][The resource URL appended with optional query param: /affwebservices/redirectjsp/vlslcosso10_landing.jsp?SAML2IDPID=http://vlslcosso10.regence.com:8081/opensso]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Calling isProtected with resource: /affwebservices/redirectjsp/vlslcosso10_landing.jsp?SAML2IDPID=http://vlslcosso10.regence.com:8081/opensso]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][IsProtected call to policy server for target resource realm [CHECKPOINT = SSOSAML2_ISPROTECTEDCALLTOPS_REQ]]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Result code from Sm_AgentApi_IsProtectedEx: 1]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Realm Name: FederationWebServicesRealm]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Realm OID: 06-a0cf82a7-d831-453d-ac9e-8ed814f90369]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][getRealmForTarget][Target resource is not protected by a SAML authentication scheme. Redirecting the user to Target: https://vlslcsmf01.regence.com/affwebservices/redirectjsp/vlslcosso10_landing.jsp using '302 No Data' redirect mode.]

[05/12/2016][23:10:29][5042][4056648592][1dd7a3d8-52a0770f-7cc42c34-4167ecc0-4f93e380-4f][AssertionConsumer.java][doPost][
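
One way to pull the realm decision out of a trace like the one in the post above, as an added example that is not part of the original post or of SiteMinder: it parses the bracketed trace layout and reports, per transaction ID, the issuer, the IsProtectedEx result code, the realm name and any target the assertion consumer reported as not protected by a SAML authentication scheme. The sample lines, host names and transaction ID are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the trace layout shown in the post:
# [date][time][pid][tid][transaction id][source file][method][message]
SAMPLE = """\
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][processSAMLResponse][IDPID (Issuer): http://idp.example.com:8081/opensso]
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][getRealmForTarget][IsProtected call to policy server for target resource realm [CHECKPOINT = SSOSAML2_ISPROTECTEDCALLTOPS_REQ]]
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][getRealmForTarget][Result code from Sm_AgentApi_IsProtectedEx: 1]
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][getRealmForTarget][Realm Name: FederationWebServicesRealm]
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][getRealmForTarget][Target resource is not protected by a SAML authentication scheme. Redirecting the user to Target: https://sp.example.com/affwebservices/redirectjsp/landing.jsp using '302 No Data' redirect mode.]
[05/12/2016][23:10:29][5042][4056][tx-0001][AssertionConsumer.java][doPost][
"""

LINE = re.compile(r"^\[([^\]]*)\]\[([^\]]*)\]\[(\d+)\]\[(\d+)\]\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]\[(.*)$")
FIELDS = {
    "issuer": re.compile(r"^IDPID \(Issuer\): (\S+)$"),
    "is_protected_rc": re.compile(r"^Result code from Sm_AgentApi_IsProtectedEx: (\d+)$"),
    "realm": re.compile(r"^Realm Name: (.+)$"),
    "unprotected_target": re.compile(r"^Target resource is not protected by a SAML authentication scheme\. Redirecting the user to Target: (\S+)"),
}

def parse_line(line):
    """Split one trace line into its fields; returns None for non-trace lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    msg = m.group(8)
    # The message may itself contain [CHECKPOINT = ...]; drop only the closing bracket.
    if msg.endswith("]"):
        msg = msg[:-1]
    return {"txn": m.group(5), "source": m.group(6), "method": m.group(7), "message": msg}

def summarize(text):
    """Collect the realm-resolution facts for each transaction ID."""
    txns = defaultdict(dict)
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        for name, rx in FIELDS.items():
            hit = rx.match(rec["message"])
            if hit:
                txns[rec["txn"]][name] = hit.group(1)
    return dict(txns)

def unprotected_targets(text):
    """Transactions where the target was reached without a SAML authentication scheme."""
    return {t: s for t, s in summarize(text).items() if "unprotected_target" in s}
```

Truncated lines such as the final `doPost` entry parse with an empty message instead of being dropped, so a cut-off trace still yields whatever fields were logged before the cut.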
