CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected

Document ID : KB000108654
Last Modified Date : 31/07/2018
Show Technical Document Details
Issue:
Our CA Access Gateway(Secure Proxy Server) acting as IDP is using the AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

How can we resolve this?
Environment:
Siteminder Policy Server version 12.52 SP1 on Win2008R2SP1 
Access Gateway(Secure Proxy Server) version: 12.52 on Linux6.9
Cause:
This issue was identified in Siteminder 12.52 base and above

DE342317    
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation
Resolution:
Upgrading the Access Gateway(Secure Proxy Server) version to 12.52 SP1 CR9 resolved the issue.

Note:

Even the referenced readme identifies the issue in the Siteminder Webagent Option Pack, the issue is also identified in CA Access Gateway(Secure Proxy Server)
Additional Information:
DE342317    
Web Agent Option Pack uses AssertionConsumerServiceURL in an authentication request even though the Accept ACS URL in the Authnrequest option is not selected. 

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-Federation