Symantec Access Management

Hello,

I am having a issue in which when I hit the SP initiated URL Federation works fine (SAML Generated) and I am able to login and then able to browse the other Non-SAML siteminder protected URL's

But when I hit Non-saml Siteminder Protected URL and login successfully and then try to hit the SP initiated URL it gives me error:

[10/02/2017][21:11:28][2124][2236][152cfa46-05f6ba45-9d86dd8b-a32785b3-c4fa0729-8a7][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]
[10/02/2017][21:11:28][2124][2236][152cfa46-05f6ba45-9d86dd8b-a32785b3-c4fa0729-8a7][SSO.java][processAssertionGeneration][Transaction with ID: 152cfa46-05f6ba45-9d86dd8b-a32785b3-c4fa0729-8a7 failed. Reason:
FAILED_INVALID_RESPONSE_RETURNED]

Please suggest what I could be missing here.

"Received the following response from SAML2 assertion generator: SAML2Response=NO"  means that the CA SSO Policy Server rejected your request.

This could be due to a variety of reasons e.g. UD mismatch in Partnership. When we login to a non SAML protected resource the Policy Domain Model or Application Model comes into play and also the UD associated with the Policy Domain. When we try to do purely an IdP initiated flow or SP initiated flow SAML flow the Partnership model and also the UD associated with the Partnership comes into play. If SP initiated flow worked, then that tells us that there is no issues with the Partnership. The only missing piece is the SSO between Policy Domain Model and Partnership Model; this typically starts with mismatch UD names used in Policy Domain & Partnership. Check if the UD in Policy Domain match the UD in Partnership.

Additionally, Please check the smtracedefault.log in the Policy Server. That would tell us why this failed. Then we could take appropriate action.