Issue:
We are setting up a SAML 2.0 federation partnership with an external IdP, where CA SSO acts as the SP.
While configuring Single Logout, when we select an SLO Binding (HTTP-Redirect and/or HTTP-Post) and activate the partnership, authentication breaks and we get the error below.
The affwebservice.log shows an ACS_FAILED_PROCESS_FAILURE:
[5912/3076][Thu Sep 07 2017 08:16:05][FWSBase.java][ERROR][sm-FedClient-00360] SAML Assertion based user authentication failed. ()
[5912/3076][Thu Sep 07 2017 08:16:05][AssertionConsumer.java][ERROR][sm-FedClient-02890] Transaction with ID: be5b4d91-557c5060-f01125a6-75de8b42-445cf089-1 failed.
Reason: ACS_FAILED_PROCESS_FAILURE (, , )
How can we resolve this?
Environment:
CA SSO Version r12.52 SP2 CR01 on Windows 2012 R2
CA Access Gateway r12.52-sp01-cr06 on Windows 2012 R2
Resolution:
This issue has been fixed in Policy Server 12.52 SP1 CR9.
KD : KB000077015
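
To check how many transactions in affwebservice.log hit this same failure, the records quoted in the Issue section can be parsed and each failed transaction paired with its `Reason:` continuation line. This is an added example, not CA's code; the record layout is inferred only from the three log lines quoted above, and the names `failed_transactions` and `SAMPLE` are hypothetical.

```python
import re
from datetime import datetime

# Record header as it appears in the excerpt:
# [pid/tid][timestamp][source file][level][message id] text
RECORD = re.compile(
    r"^\[(?P<pid>\d+)/(?P<tid>\d+)\]"
    r"\[(?P<ts>[^\]]+)\]"
    r"\[(?P<source>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]"
    r"\[(?P<msgid>sm-[\w-]+)\]\s*(?P<text>.*)$"
)
TXN = re.compile(r"Transaction with ID: (?P<txn>[0-9a-fA-F-]+) failed")
REASON = re.compile(r"^Reason:\s*(?P<reason>\w+)")

def failed_transactions(lines):
    """Return one dict per failed transaction, with the reason code
    taken from the unbracketed 'Reason:' line that follows the record."""
    results, current = [], None
    for raw in lines:
        line = raw.strip()
        m = RECORD.match(line)
        if m:
            current = None  # a new record ends any pending continuation
            t = TXN.search(m["text"])
            if t:
                current = {
                    "time": datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S"),
                    "thread": f'{m["pid"]}/{m["tid"]}',
                    "msgid": m["msgid"],
                    "transaction": t["txn"],
                    "reason": None,
                }
                results.append(current)
            continue
        r = REASON.match(line)
        if r and current is not None:
            current["reason"] = r["reason"]
    return results

# Sample input: the log lines quoted in this article.
SAMPLE = """\
[5912/3076][Thu Sep 07 2017 08:16:05][FWSBase.java][ERROR][sm-FedClient-00360] SAML Assertion based user authentication failed. ()
[5912/3076][Thu Sep 07 2017 08:16:05][AssertionConsumer.java][ERROR][sm-FedClient-02890] Transaction with ID: be5b4d91-557c5060-f01125a6-75de8b42-445cf089-1 failed.
Reason: ACS_FAILED_PROCESS_FAILURE (, , )
"""
```

Calling `failed_transactions(open(path))` on the real log gives the list of affected transaction IDs and reason codes, which can be compared before and after applying the fix.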