Symantec Access Management

Hello All,

I am having an issue with SP-initiated federation when SP using HTTP-POST as there HTTP-BINDING. I found this CA knowledge base document regarding to this issue.

Here is the link:

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1344266.html 

According to this KD prior to SiteMinder version 12.52, HTTP-POST will not work with SP-Initiated if they are using HTTP-POST as their HTTP-BINDING and it always be a HTTP-REDIRECT. But from the version of SiteMinder 12.52, CA introduced both HTTP-POST and HTTP-REDIRECT into mix.

My issue is our SP provider is using HTTP-POST as HTTP-BINDING and it is working on Mozilla FireFox and it is not working on Chrome and IE. If SP is using HTTP-REDIRECT as HTTP-BINDING it is working on all three browsers.From IDP side we are allowing both HTTP-REDIRECT and HTTP-POST. I just want to know if anybody is having a similar issue or is there any resolution for this?

Error message from affwebserv.log

[26169/4135487232][Mon Feb 06 2017 20:11:58][SSO.java][ERROR][sm-FedClient-02380] No SAMLRequest or SPID parameter in request to SAML2 Single Sign-On Service.

Version Info:

SiteMinder Policy server : 12.52.105.2113

SiteMinder Option pack Agent :12.52.100.499

Hi Naveen,

please open a support ticket so that we can fully review your log files.  When you open the ticket, please provide the following logs:

-Policy server trace

-Fiddler trace from IE use case and also Firefox use case

-FWSTrace log

-Agent trace log

Thank you,

Justin