Symantec Access Management

  • 1.  IDP-Discovery

    Posted May 15, 2018 11:31 AM

    Has anyone configured IDP-Discovery?



  • 2.  Re: IDP-Discovery

    Broadcom Employee
    Posted May 15, 2018 11:50 AM

    Hello Vasavi, what is the specific question you have? This should help, please review; e.g. for CA SSO R12.52SP1x Federation:

     

    IDP Discovery Profile (SAML 2.0) - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    Regards.- Vijay



  • 3.  Re: IDP-Discovery

    Posted May 15, 2018 04:46 PM

    Here is what I have configured; I am facing an issue.

     

    Followed the document to configure IDP and SP.

    SP and IDP are using the same read-only directories.

     

     IdP:  SPS  12.8

    Enabled IdP discovery

    Service url: http://xyz.a.c.com/affwebservices/public/saml2ipd

    Common domain: .c.com

    Aco parameter cookie domain : -

    CookieDomain

    .c.com

     

     

    SP: installed option 12.52 sp1

    Target url : http://abc.a.c.com/affwebservices/public/IdpDiscovery.jsp

     Aco parameter cookie domain :-

    CookieDomain

    .a.c.com

     

     

     

    User is able to authenticate and is authorized

     

     When I click on “retrieve idp discovery cookie from IPD service”

     

    Get IdP Discovery cookie (common domain cookie) from IPD Service

    Retrieve idp discovery cookie from IPD Service

    Discovered IdP ids based on the common domain cookie

    _saml_idp cookie not found. User has not logged in to any common-domain-cookie enabled IdPs.

    GET /affwebservices/public/IdpDiscovery.jsp?SAMLResponsegetIPDCookieFailure HTTP/1.1



  • 4.  Re: IDP-Discovery

    Broadcom Employee
    Posted May 26, 2018 12:28 AM

    Vasavi, I was going to suggest that you open a Support case and provide logs/traces, but I checked and you have already done so.

    - thanks, Vijay



  • 5.  Re: IDP-Discovery

    Posted Jan 04, 2019 04:19 PM

    sreev - I am also trying to implement IDP Discovery but I am facing the same issue mentioned above.

     

    Can you please let me know if you have managed to raise a support case for it? Are you able to implement it successfully?

     

    Thank you in advance for your reply.

     

    Thanks,

    Gopi.



  • 6.  Re: IDP-Discovery

    Posted Jan 07, 2019 09:11 PM

    <a href="https://***.ca.com/affwebservices/public/saml2ipd?IPDTarget=http://zz.ca.com/affwebservices/public/IdpDiscovery.jsp&SAMLRequest=getIPDCookie">Retrieve idp discovery cookie from IPD Service</a>

     

    I was missing "Retrieve idp discovery cookie from IPD Service"; after I added that, it worked.
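
The link from the post above, rebuilt as an added example (not part of any post in this thread and not the product's own code): it assembles the getIPDCookie URL from the Service URL and target URL given in post 3, checks that the IPD service host falls inside the configured common domain, and decodes a `_saml_idp` value. The function names and the sample cookie are constructed for illustration; percent-encoding `IPDTarget` and the cookie layout (URL-encoded, space-separated base64 entity IDs, as the SAML 2.0 Identity Provider Discovery Profile defines it) are assumptions about what the deployment accepts and emits.

```python
import base64
from urllib.parse import quote, unquote_plus, urlencode, urlsplit


def in_common_domain(url, common_domain):
    """True if the URL's host would receive a cookie scoped to common_domain."""
    host = (urlsplit(url).hostname or "").lower()
    suffix = common_domain.lower().lstrip(".")
    return host == suffix or host.endswith("." + suffix)


def build_ipd_link(service_url, target_url, common_domain):
    """Build the getIPDCookie link (query shape taken from post 6)."""
    # The IPD service is what reads _saml_idp, so its host must sit inside
    # the common domain or the browser never sends it the cookie.
    if not in_common_domain(service_url, common_domain):
        raise ValueError(f"IPD service host is outside {common_domain}")
    # Assumption: IPDTarget is percent-encoded so characters in the target
    # URL cannot be parsed as extra parameters of the service URL.
    query = urlencode({"IPDTarget": target_url, "SAMLRequest": "getIPDCookie"})
    return f"{service_url}?{query}"


def decode_saml_idp(cookie_value):
    """Decode _saml_idp into the list of IdP entity IDs it carries."""
    tokens = unquote_plus(cookie_value or "").split()
    return [base64.b64decode(t, validate=True).decode("utf-8") for t in tokens]


# Constructed sample cookie value (entity IDs are placeholders).
SAMPLE_IDPS = ["https://idp1.example.com/saml2", "https://idp2.example.com/saml2"]
SAMPLE_COOKIE = quote(
    " ".join(base64.b64encode(i.encode()).decode() for i in SAMPLE_IDPS)
)

if __name__ == "__main__":
    # Hosts and common domain as given in post 3.
    print(build_ipd_link(
        "http://xyz.a.c.com/affwebservices/public/saml2ipd",
        "http://abc.a.c.com/affwebservices/public/IdpDiscovery.jsp",
        ".c.com",
    ))
    print(decode_saml_idp(SAMPLE_COOKIE))
```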



  • 7.  Re: IDP-Discovery

    Posted Jan 07, 2019 11:20 PM

    Thank you for the details.

     

    Could you please go through the below details and provide your thoughts.

     

    1. Our system is acting as Identity Provider.

    2. Vendor system is acting as Service Provider.

     

    As we are acting as Identity Provider, I have configured the below details in the federation partnership

     

    1. Navigated to a partnership

    2. Navigated to SSO and SLO section

    3. Configured the below details within IDP Discovery section

               Enable IDP Discovery : Yes

               Service URL: https://idpsystem.dev.com/affwebservices/public/saml2ipd  

               Common Domain: .dev.com

     

    I have referred to the below CA docs and made the configuration changes at the IDP end

    IDP Discovery Profile (SAML 2.0) - CA Single Sign-On - 12.7 - CA Technologies Documentation 

         

    Can you please confirm if we need to make any further changes at the IDP end?

     

     

    Thank you again for your help. 

     

    Thanks & Regards,

    Gopi.