Fixes are available
Closed as program error.
Recreate steps (recreated at 22.214.171.124 level, also present in 6.2.2 and possibly others):

1) Create an IP SAML 2 federation.
2) When prompted please only use the basic endpoints.
3) Complete the wizard and reload the changes to the runtime.
4) Open the properties of the federation and scroll down to the Name Identifier Management entry.
5) Enter a URL in the form of <proto>://host with no path including sps or just nothing else. For example https://testcase.ibm.com:83 or http://testcase.ibm.com etc... I'm sure there are other combinations that work.
6) Select one of the binding methods.
7) Click OK and load the config changes to the runtime.
8) View the properties of the federation or the feds.xml file and you will see that the endpoint values of SAML2.ManageNameIDServiceInit and SAML2.ManageNameIDService are incorrectly formed. They are missing the first three characters of the input and contain the URL information which they should not.

So far I've been able to cause this for at least the following:

SAML2.ManageNameIDServiceInit
SAML2.ManageNameIDService
SAML2.AdminUserLogoutService
SAML2.AdminDefederateUserService
SAML2.AuthenticationURL

This also affects the sps.xml file, where the entries for the following are invalid:

<federation>/saml20/auth
<federation>/saml20/adminDefederateUser
<federation>/saml20/adminLogoutUser
<federation>/saml20/mnids
<federation>/saml20/mnidsinit

I've also run into a case where the general endpoint endpoint./auth was missing from sps.xml
Delete and recreate the federation
URLs in feds.xml and sps.xml are corrupted when a non-sps URL is provided for the Single Sign-On Service, Single Logout Service, Soap Endpoint, Artifact Resolution Service, Assertion Consumer Service or Name ID Management Service URLs in the SAML 2.0 IP/SP Federation properties page via the Management Console. The fix for this defect will include validation of the above URLs. The URL provided will be checked to ensure that it is a properly formatted URL and that it is an sps URL.
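The two checks named in the fix description, written out as an added example for auditing endpoint values already stored in a configuration; this is not IBM's code. It assumes an "sps URL" is one with `sps` as a path segment, and the function names and all sample values are hypothetical (only the property names come from the report).

```python
from urllib.parse import urlsplit

# Constructed sample: property names are from the report; every value is made up.
SAMPLE = {
    "SAML2.AuthenticationURL": "https://idp.example.com/sps/fed1/saml20/auth",
    "SAML2.ManageNameIDService": "https://testcase.ibm.com:83",
    "SAML2.ManageNameIDServiceInit": "ps://testcase.ibm.com:83/sps/fed1/saml20/mnidsinit",
    "SAML2.AdminUserLogoutService": "https://idp.example.com:port/sps/fed1/saml20/adminLogoutUser",
}


def check_endpoint(value, marker="sps"):
    """Return "ok" or the reason the endpoint value should be rejected."""
    try:
        parts = urlsplit(value)
        parts.port  # accessing .port raises ValueError for a non-numeric port
    except ValueError:
        return "malformed: invalid host or port"
    if parts.scheme not in ("http", "https"):
        # A value that lost its leading characters ends up here.
        return "malformed: unexpected scheme %r" % parts.scheme
    if not parts.hostname:
        return "malformed: no host"
    # Assumption: an "sps URL" has "sps" as one of its path segments.
    if marker not in [seg for seg in parts.path.split("/") if seg]:
        return "not an sps URL"
    return "ok"


def audit(properties):
    """Map each failing property name to the reason it failed."""
    findings = {}
    for name, value in properties.items():
        result = check_endpoint(value)
        if result != "ok":
            findings[name] = result
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name}: {reason}")
```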
The fix for this APAR is expected to be contained in the following maintenance delivery vehicle:
| fix pack | 6.2.2-TIV-TFIM-FP0004
Delete and re-create the federation
Reported component name
TIV FED ID MGR
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
TIV FED ID MGR
Fixed component ID
Applicable component levels