Symantec Access Management

Tech Tip : CA Single Sign-On : Service Provider Facilities - Remote ID

    Posted 10-18-2018 04:05 AM

    Question:


    We're running CA Single Sign-On 12.52SP1CR02 and we'd like to know if
    we can use CA Single Sign-On as an SP and, if so, whether as an SP it
    can generate an AuthnRequest with a Subject tag such as:

     

    <saml:Subject>
    <saml:NameID>jepm</saml:NameID>
    </saml:Subject>

     

    Is it supported to send an AuthnRequest containing this Subject tag?

     

    Environment:

     

    Policy Server and CA Access Gateway 12.8

     

    Answer:

     

    There is no support for saml:Subject
    in the AuthnRequest.

     

    According to this Enhancement Request, this does not seem to work
    completely, and the NameID is mapped only once the assertion gets
    generated.

    AuthnRequest Subject element handling

     

    https://communities.ca.com/ideas/235724331-authnrequest-subject-element-handling

     

     

    That said, we invite you to do the same and post an Idea on the
    Security Page.

     

    1. Go to the CA Security Overview Page:
    https://communities.ca.com/community/ca-security/ca-single-sign-on
    2. Click on the "Actions" drop-down menu and select "Create an
    idea."
    3. Give your idea a title and detailed description to encourage
    voting.
    4. Publish and vote on your idea!

     

    KB : KB000117753
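
    To check what an SP actually sends, the SAMLRequest value captured at the IdP or in a browser trace can be decoded and inspected for the saml:Subject element shown in the question. This is an added example, not code from the original post or from the product; the request ID, issuer URL, timestamp and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the Subject/NameID fragment comes from the question.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" IssueInstant="2018-10-18T04:05:00Z">'
    '<saml:Issuer>https://sp.example.com</saml:Issuer>'
    '<saml:Subject><saml:NameID>jepm</saml:NameID></saml:Subject>'
    '</samlp:AuthnRequest>'
)

def encode_redirect(xml_text):
    """Raw DEFLATE then base64, as the HTTP-Redirect binding encodes SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def decode_saml_request(value):
    """Decode a URL-decoded SAMLRequest value from either binding."""
    data = base64.b64decode(value)
    try:
        data = zlib.decompress(data, -15)   # HTTP-Redirect: raw DEFLATE
    except zlib.error:
        pass                                # HTTP-POST: base64 only
    return data.decode("utf-8")

def requested_subject(xml_text):
    """Return the NameID inside samlp:AuthnRequest/saml:Subject, or None."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages never need a DTD; refuse it to avoid entity expansion.
        raise ValueError("DOCTYPE not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not an AuthnRequest")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    return None if name_id is None else (name_id.text or "").strip()

if __name__ == "__main__":
    print(requested_subject(decode_saml_request(encode_redirect(SAMPLE))))
```

    A return value of None means the request carries no Subject, which is what the answer above says to expect from CA Single Sign-On acting as SP.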