When Context Comparison for SAML 2.0 authentication request is set to minimum it generates an exception.

  • 7008864
  • 21-Jun-2011
  • 26-Apr-2012

Environment

Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 applied
Novell Access Manager 3.1 Linux Access Gateway

Situation

When the service provider portal page is accessed directly and the authentication request is made, it works with the setting at MINIMUM.
When the test is run against a protected resource on the Linux Access Gateway (LAG) with the setting at EXACT, it works and redirects to the IDP to authenticate.
When the test is run against a protected resource on the LAG with the setting at MINIMUM, it fails.
It generates the following error:

<amLogEntry> 2011-04-19T06:59:59Z VERBOSE NIDS Application: IDP response failed to authenticate: NIDPLOGGING.300101008 </amLogEntry>

The catalina.out file shows the following entries:

Warning: Invalid resource key: Authentication error: . No prefix!
Warning: Invalid resource key: Authentication error: . No prefix!
<amLogEntry> 2011-04-19T08:52:27Z DEBUG NIDS IDFF: Method: LibertySSOProfile.doAuthentication Thread: http-10.1.1.1-8443-Processor8 Authentication error: </amLogEntry>
<amLogEntry> 2011-04-19T08:52:27Z INFO NIDS Application: AM#500105040: AMDEVICEID#7CD9BB743365F673: AMAUTHID#26B24C8E683C8017ECBEB23BD02C2B6E: IDP login cancelled on session AMAUTHID#26B24C8E683C8017ECBEB23BD02C2B6E </amLogEntry>
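
To check whether a catalina.out shows the same symptom, the following added example (not part of the original TID and not Novell code) extracts the <amLogEntry> records and flags the strings quoted above. The entry layout (timestamp, level, free text) is an assumption inferred from those entries, the function names are illustrative, and a match indicates the same symptom, not necessarily the same cause.

```python
import re

# Constructed sample: the entries quoted in this TID, one per line.
SAMPLE = """\
Warning: Invalid resource key: Authentication error: . No prefix!
<amLogEntry> 2011-04-19T08:52:27Z DEBUG NIDS IDFF: Method: LibertySSOProfile.doAuthentication Thread: http-10.1.1.1-8443-Processor8 Authentication error: </amLogEntry>
<amLogEntry> 2011-04-19T08:52:27Z INFO NIDS Application: AM#500105040: AMDEVICEID#7CD9BB743365F673: AMAUTHID#26B24C8E683C8017ECBEB23BD02C2B6E: IDP login cancelled on session AMAUTHID#26B24C8E683C8017ECBEB23BD02C2B6E </amLogEntry>
<amLogEntry> 2011-04-19T06:59:59Z VERBOSE NIDS Application: IDP response failed to authenticate: NIDPLOGGING.300101008 </amLogEntry>
"""

# Assumed layout, inferred from the entries above: timestamp, level, free text.
# DOTALL lets one entry span several physical lines.
ENTRY = re.compile(r"<amLogEntry>\s*(\S+)\s+(\w+)\s+(.*?)\s*</amLogEntry>", re.DOTALL)
AUTHID = re.compile(r"AMAUTHID#([0-9A-F]+)")

# Strings taken from the log output quoted in this TID.
SIGNATURES = ("NIDPLOGGING.300101008", "AM#500105040", "Authentication error:")


def parse_entries(text):
    """Return every <amLogEntry> as a dict; text outside the tags is ignored."""
    entries = []
    for time, level, body in ENTRY.findall(text):
        body = " ".join(body.split())  # collapse line breaks inside an entry
        ids = AUTHID.findall(body)
        entries.append({
            "time": time,
            "level": level,
            "body": body,
            "authid": ids[0] if ids else None,
            "hits": [s for s in SIGNATURES if s in body],
        })
    return entries


def matching_entries(text):
    """Entries that contain at least one of the signatures."""
    return [e for e in parse_entries(text) if e["hits"]]


def cancelled_sessions(text):
    """AMAUTHID values of sessions logged as 'IDP login cancelled'."""
    return {e["authid"] for e in parse_entries(text)
            if "AM#500105040" in e["hits"] and e["authid"]}


if __name__ == "__main__":
    for e in matching_entries(SAMPLE):
        print(e["time"], e["level"], e["hits"], e["authid"])
```

The VERBOSE and DEBUG entries appear only when logging is set to those levels, so an empty result on a quieter log does not rule the issue out.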

Resolution

Reported to engineering.
Will be fixed with SP3 IR2.

For now, if you encounter the same issue, reference this TID and provide TID feedback to obtain the engineering build.