Hello All,
we are using CA SiteMinder as our IDP for our federations. we use siteminder web agent option pack in our IDP environment. For a particular partnership SAML assertions that were sent to SP by our IDP are getting rejected because of AuthnStatement AuthnInstant is tool old. This particular SAML assertion is generated on 07/17/2018 13:59:27 but the timestamp of AuthnStatement AuthnInstant is set to 07/03/2018 14:58:27. we are not sure why AuthnStatement AuthnInstant timestamp is set that way.
<ns2:AuthnStatement AuthnInstant="2018-07-03T14:58:27Z" SessionIndex="pII5eRFB8NEiOVlQLQaHJMa+pvk=XNhWIw==" SessionNotOnOrAfter="2018-07-18T17:59:57Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
When we try accessing the same partnership in a "New Browser Session" it setting the actual access timestamp on AuthnStatement AuthnInstant and SP is able to consume the assertion. But when we try to access the same partnership in a "New window" or "New Tab" we ending up with timestamp of AuthnStatement AuthnInstant is set to 07/03/2018 14:58:27. we tried clearing all cookies, browsing history and Cache from the browser and even tried close the browser and re-open it. But we still having the issue.
Any thoughts?
Environment:
SM WAOP : 12.50
SMPS: 12.52 SP1 CR06
Thank you,
Naveen