IBM Support

Configuring an Identity Provider and a Service Provider as partners on the same appliance or on the same external HVDB is not recommended

Troubleshooting


Problem

Configuring an Identity Provider and a Service Provider as partners on the same appliance or on the same external HVDB is not recommended. Doing so might cause several features to function incorrectly. Problems that might be encountered include, but are not limited to, the following:
  • SAML single sign-on flows that use the HTTP Artifact binding do not work because of a key conflict when the messages are stored in the runtime database.
  • The STS chain mappings created internally for the Identity Provider and the Service Provider will have identical ‘issuer’ and ‘applies to’ values, which can lead to unexpected behaviour during the runtime flow.
  • Database contention occurs, as the DMAP entries could be inserted or modified simultaneously by the Identity Provider and the Service Provider.

Environment

IBM Security Access Manager virtual or hardware appliance

Resolving The Problem

It is recommended that an Identity Provider and a Service Provider that are partners reside on separate appliances configured with separate external HVDBs.

Document Location

Worldwide


Document Information

Modified date:
28 March 2019

UID

ibm10878847