Applies To: Federated Identity Management Module 3.0
Issue: Error message: The SAML authentication context is not mapped to a local authentication context. Please inspect your local Authentication Policy.
Error stack trace:
com.rsa.fim.profile.sso.SSOProfileException: The SAML authentication context is not mapped to a local authentication context. Please inspect your local Authentication Policy.
When an IdP sends an SSO message to an SP, the authentication methods used by the two parties need to match in some way. A mapping must exist that translates the generic SAML authentication context into the local mechanism implemented by the receiving system.
The problem can be seen if you follow these steps:
As part of the SAML Response message, the IdP sends an authentication context as follows:
The problem is that no matching mapping has been configured in FIM 3.0 (by default, FIM 3.0 maps only urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport).
Modify the FIM configuration to map the supplied SAML authentication mechanism as follows:
Notice that the SAML authentication mechanism we have selected matches the value shown in the example above. Now the system should run correctly.
If the connection also operates in the other direction, where a local method must be mapped to a SAML method, that mapping is configured on the same form, in the section higher up the page.
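The mapping check that produces this error, as an added Python example that is not RSA FIM code: the policy dictionary, the local method names, the sample Response and its X509 authentication context are all constructed to illustrate the article, and the real mapping is configured through the FIM form described above.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical local Authentication Policy: SAML authn context class URI -> local method.
# Reproduces the FIM 3.0 default, which maps only PasswordProtectedTransport.
DEFAULT_POLICY = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": "password",
}

class UnmappedAuthnContextError(Exception):
    """The IdP's authn context has no entry in the local policy (the error in this article)."""

def extract_authn_context(saml_response_xml: str) -> str:
    """Return the AuthnContextClassRef from the assertion's AuthnStatement.
    (Parse untrusted SAML with a hardened parser such as defusedxml in production.)"""
    root = ET.fromstring(saml_response_xml)
    ref = root.find(".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if ref is None or not (ref.text or "").strip():
        raise UnmappedAuthnContextError("Response carries no AuthnContextClassRef")
    return ref.text.strip()

def resolve_local_method(saml_response_xml: str, policy: dict) -> str:
    """Translate the SAML context into the SP's local method, or fail as FIM does."""
    ctx = extract_authn_context(saml_response_xml)
    if ctx not in policy:
        raise UnmappedAuthnContextError(
            f"The SAML authentication context {ctx} is not mapped to a local authentication context")
    return policy[ctx]

# Constructed sample Response: the IdP asserts X.509 certificate authentication.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0"><saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
</samlp:Response>"""

def demo():
    """Fail with the default policy, then succeed once the IdP's context is mapped."""
    try:
        resolve_local_method(SAMPLE_RESPONSE, DEFAULT_POLICY)
        default_ok = True
    except UnmappedAuthnContextError:
        default_ok = False
    fixed = {**DEFAULT_POLICY, "urn:oasis:names:tc:SAML:2.0:ac:classes:X509": "certificate"}
    return default_ok, resolve_local_method(SAMPLE_RESPONSE, fixed)
```

Running `demo()` returns `(False, "certificate")`: the unmodified default policy rejects the X509 context with the article's error text, and the same Response succeeds once that context is added to the policy.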
Legacy Article ID: a32268