Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Identity Server
NAM acting as SAML2 Identity server in Federated Environment
NetIQ Access Manager 3.2 Identity Server
NAM acting as SAML2 Identity server in Federated Environment
Situation
SAML setup between NAM IDP server and 3rd party SAML2 SP Attribute set defined with following - constant value true -> remote attribute ConstantNumber1 - constant value true -> remote attribute ConstantNumber3 When the assertion is generated by the IDP server, we will only include one of the two of these attributes. Here's the attribute set that I defined in my setup here. ConstantNumber1 and COnstrntNumber3 are both set to a value true. This is what I see in the assertion <saml:AttributeStatement><saml: Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="logouturl" NameFormat="urn:oasis:name s:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">**</saml:AttributeValue></saml:Attribute>
<saml:Attribute xmlns:xs="http://www.w 3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="Constant/ConstantNumber3" NameFormat="urn:oasis:names:tc:SAML:2.0:att rname-format:uri"><saml:AttributeValue xsi:type="xs:string">**</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp :Response> It only has constantNumber3. It seems to only populate the last constant if multiple constants of the same value exist - regardless of format.
Resolution
Fixed in 3.2.2 IR1.