SAML Metadata with AttributeService Fails to Import from Administrative UI with Error "System error trying to perform entity import."

Document ID : KB000039016
Last Modified Date : 14/02/2018

Description

The error "System error trying to perform entity import." appears whenever you attempt to import metadata that contains an AttributeService element.

Resolution 

If AttributeService is being used, check that the AttributeService Binding attribute contains a supported binding protocol.

Per the SAML specification, Section 6.3.1 "Query/Request issued by SAML Requester", the SAML requester MUST use a synchronous binding, such as the SOAP binding [SAMLBind]:

"https://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf" 

SiteMinder supports the SOAP binding for AttributeService.

For example, if the metadata contains the following element, the import from the Administrative UI fails with the error "System error trying to perform entity import.":

<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://one.ca.com/6033"/>
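
A pre-import check for the condition described above, as an added example that is not part of the original article or the product: it lists every AttributeService in a metadata document whose Binding is not the SOAP binding. The function name, the sample metadata (apart from the element quoted above) and the `idp.example.test` values are constructed; treating SOAP as the only accepted binding is an assumption drawn from the statement above.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace and SOAP binding URI from the OASIS specifications.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed sample: the failing element from this article plus a SOAP endpoint.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://one.ca.com/6033"/>
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.test/attr/soap"/>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>"""


def unsupported_attribute_services(metadata_xml):
    """Return (entityID, Binding, Location) for each non-SOAP AttributeService."""
    # Partner metadata is untrusted input; SAML metadata never needs a DTD.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata containing a DTD is refused")
    root = ET.fromstring(metadata_xml)
    findings = []
    # iter() includes the root, so this handles a single EntityDescriptor
    # as well as an EntitiesDescriptor wrapping several of them.
    for entity in root.iter("{%s}EntityDescriptor" % MD_NS):
        entity_id = entity.get("entityID", "")
        for svc in entity.iter("{%s}AttributeService" % MD_NS):
            binding = svc.get("Binding", "")
            if binding != SOAP_BINDING:
                findings.append((entity_id, binding, svc.get("Location", "")))
    return findings


if __name__ == "__main__":
    for entity_id, binding, location in unsupported_attribute_services(SAMPLE_METADATA):
        print("%s: AttributeService at %s uses unsupported binding %s"
              % (entity_id, location, binding))
```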