Question:
We're running CA Single Sign-On 12.52SP1CR02 and we'd like to know if
we can use CA Single Sign-On as SP, and as such, if being an SP it
can generates Authnrequest with Subject tag as :
<saml:Subject>
<saml:NameID>jepm</saml:NameID>
</saml:Subject>
Is it supported to send Authnrequest containing this Subject tag ?
Environment:
Policy Server and CA Access Gateway 12.8
Answer:
There are no support for saml:Subject
in the Authnrequest.
By this Enhancement Request, this seems not to work completely and the
NameID is mapped once the assertion get generated only.
AuthnRequest Subject element handling
https://communities.ca.com/ideas/235724331-authnrequest-subject-element-handling
So said, we invite you to do the same and post and Idea on the
Security Page.
1. Go to the CA Security Overview Page :
2. Click on the "Actions" drop-down menu and select "Create an
idea."
3. Give your idea a title and detailed description to encourage
voting.
4. Publish and vote on your idea!
KB : KB000117753