000022739 - How to set up RSA Federated Identity Manager (FIM) 2.5 SAML 1.0 compliant services

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022739
Applies ToRSA Federated Identity Manager (FIM) 2.5
Security Assertion Markup Language (SAML) 1.0
Microsoft Windows 2000
IssueHow to set up RSA Federated Identity Manager (FIM) 2.5 SAML 1.0 compliant services
Prior to setting up the RSA Federated Identity Manager (FIM) hot fix (FIM2511-FT3-E001-11.zip) to configure FIM server services, SAML requests were of version 1.0:

<soapenv:Envelope
  xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/
  xmlns:xsd=http://www.w3.org/2001/XMLSchema
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance>
    <soapenv:Body>
        <samlp:Request
          IssueInstant="2006-03-15T22:26:51Z"
          MajorVersion="1"
          MinorVersion="0"
          RequestID="_3e1b50fc204dbbe0849c065916c3be91590ed93d"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
          xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
          xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
            <samlp:AssertionArtifact>
                AAEbuqrPjR1XORIHk5YAV8I4sM0nKP2CLV+h1CMiWbnkaWvvlJ0g4Ess
            </samlp:AssertionArtifact>
        </samlp:Request>
    </soapenv:Body>
</soapenv:Envelope>

After applying the currently available patch to setup FIM server services, the SAML requests became of version 1.1:

<soapenv:Envelope
  xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/
  xmlns:xsd=http://www.w3.org/2001/XMLSchema
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance>
    <soapenv:Body>
        <samlp:Request
          IssueInstant="2006-03-15T22:48:16Z"
          MajorVersion="1"
          MinorVersion="1"
          RequestID="_e1ffbe6e14d578010b542ecda5244748da1568d9"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
          xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
          xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
            <samlp:AssertionArtifact>
                AAEbuqrPjR1XORIHk5YAV8I4sM0nKP2CLV+h1CMiWbnkaWvvlJ0g4Ess
            </samlp:AssertionArtifact>
        </samlp:Request>
    </soapenv:Body>
</soapenv:Envelope>
CauseThis hot fix (FIM2511-FT3-E001-11.zip) to set up the RSA Federated Identity Manager (FIM) services is compliant only to the SAML 1.1 version of FIM
ResolutionThis issue has been resolved in a hot fix to RSA Federated Identity Manager (FIM) 2.5. Contact RSA Security Customer Support to obtain hot fix FIM2510-FT1-E001-8.zip which sets up the FIM services compliant with SAML 1.0.
Legacy Article IDa30096

Attachments

    Outcomes