Posting SAML To Incorrect Assertion Consumer URL

Document ID : KB000117169
Last Modified Date : 09/10/2018
Show Technical Document Details
Issue:
If a request contains AssertionConsumerServiceURL, the browser is incorrectly redirected to the AssertionConsumerServiceURL value instead of the default ACS even though the Accept ACS URL in the Authnrequest value is disabled. 

How can we resolve this?
Environment:
Policyserver version: 12.8 on W2K16 
CA Access Gateway : 12.8 on W2K16 
Resolution:
A dev fix was provided to resolve the issue. The fix should be added to CA Access Gateway 12.8 SP2.

The issue is identified as a known issue in the 12.8 documentation:

Browser Redirection is Incorrect in Request with AssertionConsumerServiceURL 

If a request contains AssertionConsumerServiceURL, the browser is incorrectly redirected to the AssertionConsumerServiceURL value instead of the default ACS even though the Accept ACS URL in the Authnrequest value is disabled. 

https://docops.ca.com/ca-single-sign-on/12-8/en/release-notes/known-issues/known-issues-for-policy-server