Symantec Access Management

Tech Tip: CA Single Sign-On: SAML Response shows duplicated ID

    Broadcom Employee
    Posted Apr 29, 2019 03:52 AM

    Issue:

     

    We're running a Policy Server, and in the federation journey we see
    that the SAML responses show a duplicated ID, and as such the SP side
    cannot consume the assertion.

     

    <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_989cd331197cb7da92c224ca7c6467544bfd"
    Id="_989cd331197cb7da92c224ca7c6467544bfd"
    IssueInstant="2019-04-29T06:11:42Z"
    Version="2.0"

    How can we fix this?

     

    Environment:

     

    Policy Server 12.8SP0CR00 on RedHat 7;
    Policy Server JDK 1.8.0_181;
    Policy Store on CA Directory 14.0;
    Admin UI 12.8SP1 on Windows 2012 R2 ;

    Cause:

     

    This is corrected in Policy Server 12.8SP1:

    Defects Fixed in 12.8.01

    01090398, 01121619, 01153845, 01136496, 01137702, 01169777
    DE365688
    DE371749
    Single sign-on fails as Policy Server issues duplicate assertion IDs in an assertion.

     

    https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/service-packs/defects-fixed-in-12-8-01

    Resolution:

     

    We suggest that you upgrade to the latest version, 12.8SP02, to
    ensure you have all the latest fixes, including this one.

     

    KB : KB000131449
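
To confirm whether a captured SAML response shows the symptom described in this post, the following check flags any element that carries more than one unqualified attribute whose name case-folds to "id". It is an added example, not code from the original post or from the product; the assertion attributes are the ones shown in the post, while the Response wrapper, its ID and the Issuer value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the Assertion attributes come from the post;
# the Response wrapper, its ID and the Issuer value are made up.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed-response-id" Version="2.0"
    IssueInstant="2019-04-29T06:11:42Z">
  <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_989cd331197cb7da92c224ca7c6467544bfd"%s
      IssueInstant="2019-04-29T06:11:42Z" Version="2.0">
    <ns2:Issuer>https://idp.example.test</ns2:Issuer>
  </ns2:Assertion>
</samlp:Response>"""

SAMPLE_BAD = TEMPLATE % ' Id="_989cd331197cb7da92c224ca7c6467544bfd"'
SAMPLE_GOOD = TEMPLATE % ""


def find_duplicate_id_attrs(xml_text):
    """Return [(element local name, [attribute names])] for each element
    with more than one unqualified attribute named 'id' in any casing."""
    # A SAML message never needs a DTD; refuse one instead of parsing it.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD not expected in a SAML message")
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # XML names are case-sensitive, so ID and Id are two distinct
        # attributes and a parser accepts both on the same element.
        id_like = sorted(name for name in elem.attrib if name.lower() == "id")
        if len(id_like) > 1:
            local_name = elem.tag.split("}")[-1]  # drop the "{namespace}" prefix
            findings.append((local_name, id_like))
    return findings


if __name__ == "__main__":
    for label, doc in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, find_duplicate_id_attrs(doc))
```
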