Hi Arvind,
This error can occur for multiple reasons. I assume that you've already verified the submitted SPID matches the SPID configured in the partnership (or in the Service Provider object if using Legacy Fed). The next thing to verify is that the partnership is activated since this error will occur if a request is submitted for an inactive partnership. If these conditions are all met, the next thing to examine is the policy server logs. Check the smps.log first in case the policy server is logging an error, but if no error there check for and track the Transaction ID in the policy server trace log. The FWSTrace.log will contain the Transaction ID, as will the error message displayed in the browser by default. The Fed_Server component needs to be part of the policy server trace configuration in order to fully track the federation transactions in the policy server trace log (else you may find the Transaction ID, but very little other info about the federation request processing).
If these tips don't help you to resolve the problem it may be best to open a support case so an engineer can help you analyze the configuration and request flow.
Regards,
Pete Burant
Broadcom Support
Original Message:
Sent: 06-07-2019 08:45 AM
From: Prachi.Nirav Chandan
Subject: CA SAML integration Issue
Hi Team,
I have done the integration from CA SSO SAML to Cloudera application but now I am facing the issue
when I am clicking on the cloudera application its throwing the 403 error and log we found that error is Failed to obtain the service provider.
Please help on.
BR\\
Arvind