Symantec Access Management

 Change from HTML form authentication to SAML authentication

MARUBUN SUPPORT posted Jan 17, 2025 05:07 AM

Hi Team,

[Product]
SiteMinder

[Question]

A customer asked me how to switch from HTML form authentication to SAML authentication.

To change from HTML form authentication to SAML authentication, is it correct to add SAML authentication in the administration UI under "Infrastructure" -> "Authentication" -> "Authentication Scheme" and register it in the realm?

Thanks,

Broadcom Employee Peter Burant

Hi Marubun Support,

No, you would not want to use the SAML Authentication scheme. This scheme is part of Legacy Federation, which is still supported but stopped being enhanced when the Partnership model was introduced. You instead want to configure a partnership in SiteMinder. With the partnership in place you can leverage the existing forms authentication scheme to redirect the user to the beginning of the SAML journey. Since the realm is already pointing to this auth scheme, there is no requirement to update the realm.

For IDP-initiated SAML where SiteMinder is the IDP, you can make the Target of the HTML Forms auth scheme the IDP-initiated URL, which takes the following format:
https://federation.example.com/affwebservices/public/saml2sso?SPID=<SPID_value>
The forms auth scheme will add extra query parameters to this URL on redirect, but the saml2sso URL ignores the unneeded query parameters.

For SP-initiated SAML you would make the Target of the auth scheme an active page that redirects to the start of the SAML journey.  The following KB has the details of this:
https://knowledge.broadcom.com/external/article?articleId=378292

Regards,

Pete

MARUBUN SUPPORT

A customer has made the following request. 
Can the problem be resolved by the following KB setting?
> https://knowledge.broadcom.com/external/article?articleId=378292

In the end user environment, we have introduced nearly 100 WebAgents, and we have a request to replace them with SAML SPs.

MARUBUN SUPPORT

Any advice would be appreciated.
