Symantec Access Management

  • 1.  Siteminder Metadata import with webui always chooses the lowest protocol with protocolEnum

    Posted Jan 19, 2021 04:09 AM
    When importing metadata such as the one below, it is impossible to get a SAML2 entity.
    At least with all my trials.

    Why is this, and is there a plan for changing it?




    <?xml version="1.0" encoding="utf-8"?>
    <EntityDescriptor entityID="https://agren.se/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
      <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://agren.se/" index="1" />
      </SPSSODescriptor>
    </EntityDescriptor>



    ------------------------------
    Senior System Architect
    Tieto
    ------------------------------


  • 2.  RE: Siteminder Metadata import with webui always chooses the lowest protocol with protocolEnum

    Posted Jan 24, 2021 04:38 PM
    What kind of error are you getting? Or does it automatically choose SAML 1.1?


  • 3.  RE: Siteminder Metadata import with webui always chooses the lowest protocol with protocolEnum

    Posted Jan 25, 2021 03:10 AM

    No error message at all.
    It always chooses SAML 1.1 and it is not possible to change that to SAML2.0 without manually editing the metadata.





    ------------------------------
    Senior System Architect
    Tieto
    ------------------------------



  • 4.  RE: Siteminder Metadata import with webui always chooses the lowest protocol with protocolEnum

    Posted Jan 27, 2021 02:13 PM
    The issue is not with your system. The issue is with the metadata file.
    The system will choose the SAML version based on the XML tags. In your case: "<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">"

    You might need to contact the Service provider to correct their configurations before generating the XML file. 

    Please accept the solution, if you find it helpful..!
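
Added example (not part of the thread, and not Symantec or poster code): a pre-import check for the situation discussed above. It lists the protocols each role descriptor advertises in protocolSupportEnumeration and writes a copy that advertises only SAML 2.0, which is the manual edit post 3 mentions. The function names and the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML20 = "urn:oasis:names:tc:SAML:2.0:protocol"
ROLE_TAGS = ("SPSSODescriptor", "IDPSSODescriptor")

# Constructed sample with the same shape as the metadata in post 1.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor entityID="https://agren.se/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://agren.se/" index="1" />
  </SPSSODescriptor>
</EntityDescriptor>"""


def role_descriptors(root):
    """Yield the SP/IdP role descriptors anywhere under the parsed root."""
    for tag in ROLE_TAGS:
        yield from root.iter(f"{{{MD_NS}}}{tag}")


def audit(xml_bytes):
    """Return [(role tag, [advertised protocol URIs])] per role descriptor."""
    root = ET.fromstring(xml_bytes)
    return [(el.tag.split("}")[1], el.get("protocolSupportEnumeration", "").split())
            for el in role_descriptors(root)]


def restrict_to_saml20(xml_bytes):
    """Return a copy whose role descriptors advertise SAML 2.0 only.

    Refuses to edit a descriptor that never offered SAML 2.0. Editing
    invalidates any XML signature carried by the metadata.
    """
    root = ET.fromstring(xml_bytes)
    for el in role_descriptors(root):
        if SAML20 not in el.get("protocolSupportEnumeration", "").split():
            raise ValueError(f"{el.tag}: SAML 2.0 is not advertised")
        el.set("protocolSupportEnumeration", SAML20)
    ET.register_namespace("", MD_NS)  # keep the default xmlns on output
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


if __name__ == "__main__":
    for role, protocols in audit(SAMPLE):
        print(role, "advertises", protocols)
    print(restrict_to_saml20(SAMPLE).decode())
```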