Symantec Access Management

  • 1.  CA SSO : R12.52 - Supported Auth Requests (for Affiliate Domain)?

    Posted Jul 09, 2018 08:02 AM

    Hi,

     

    Could you please confirm if 'POST' Binding Authentication Request is supported for Affiliate Domain (SAML Service Provider) on R12.52 version. If yes, kindly let me know how to configure the same.

     

     

    Currently, I am getting the below error message.

    Reason: UNSUPPORTED_AUTHN_REQUEST_BINDING

    Request received on POST but POST not enabled.]

     

    Reference:

    Tech Tip - CA Single Sign-On: SP-initiated SSO is failing with error 400 

     

    Thanks.

     

    Regards,

    Dhilip



  • 2.  Re: CA SSO : R12.52 - Supported Auth Requests (for Affiliate Domain)?

    Posted Jul 09, 2018 08:13 AM

    Hi,

     

    In the export of the configuration, I could see the following entries so I think it is possible to use Post Binding Authentication Request in Affiliate Domain as well. 

     

    <Property Name="CA.SM::SAMLv2SP.EnableAuthnRequestPost">
    <BooleanValue>false</BooleanValue>
    </Property>

     

    Could you please let me know how to modify the same using WAMUI?

    Thanks.

     

    Regards,

    Dhilip



  • 3.  Re: CA SSO : R12.52 - Supported Auth Requests (for Affiliate Domain)?

    Posted Jul 09, 2018 08:36 AM

    All new enhancements are being done only to Partnership model. From what I remember we no longer do any feature enhancement to Legacy model.

     

    That being said, what is being spoken is affiliate domain.

     

    I am pretty sure that any new features that are being added are not available via legacy model and affiliate domain. There is no option via WAM UI.

     

    The only CA Supported option is to migrate to Partnership model.

     

    I would recommend to use Partnership model. I would not recommend modify the object on the XPS layer (via XPSExplorer). If you do choose to do that and if it works. Please test it. As it would not be something that we would encourage as a solution nor would it be something that we'd have certified.



  • 4.  Re: CA SSO : R12.52 - Supported Auth Requests (for Affiliate Domain)?

    Posted Jul 10, 2018 02:42 AM

    Hi Hubert,

     

    Thanks for your response and suggestion. Though it is not recommended to modify via XPSExplorer, out of curiosity I tried the same . But, it did not make any difference, I was getting the same error message. So, I think Post Binding Authentication Request (in Affiliate Domain) is not supported by any means.

     

    Regards,

    Dhilip