CA API Gateway 9.1

9.4 9.1

Set SAML Response Status Code Assertion

The Set SAML Response Status Code assertion lets you choose a SAML response status and place it into in a context variable. This variable can be used in the Customize Error Response Assertion  to help you troubleshoot possible errors.
gateway90
The
Set SAML Response Status Code
assertion lets you choose a SAML response status and place it into in a context variable. This variable can be used in the Customize Error Response Assertion  to help you troubleshoot possible errors.
The first four codes in the lists below are top-level codes. The rest are second-level/subordinate codes that can be used to provide more information on an error.
For SAML 2.0, the following response statuses are available:
urn:oasis:names:tc:SAML:2.0:status:Success
urn:oasis:names:tc:SAML:2.0:status:Requester
urn:oasis:names:tc:SAML:2.0:status:Responder
urn:oasis:names:tc:SAML:2.0:status:VersionMismatch
urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue
urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy
urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext
urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP
urn:oasis:names:tc:SAML:2.0:status:NoPassive
urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP
urn:oasis:names:tc:SAML:2.0:status:PartialLogout
urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded
urn:oasis:names:tc:SAML:2.0:status:RequestDenied
urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported
urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated
urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh
urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow
urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized
urn:oasis:names:tc:SAML:2.0:status:TooManyResponses
urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile
urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal
urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding
For SAML 1.1, the following response statuses are available:
Success
VersionMismatch
Requester
Responder
RequestVersionTooHigh
RequestVersionTooLow
RequestVersionDeprecated
TooManyResponses
RequestDenied
ResourceNotRecognized
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Set SAML Response Status Code
    in the policy window and select
    SAML Response Status Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the dialog as follows:
    Setting
    Description
    SAML Version
    Choose the SAML version from the drop-down list:
    1.1
    or
    2.0
    .
    SAML Response Status
    Choose the SAML response status from the drop-down list.
    Output Variable
    Specify a context variable to hold the SAML response status.
    Default:
    responseStatus
    For SAML 1.1, the response status values are QNames associated with the namespace of the SAML protocol, where the output variable holds the local part of a QName. The local parts of these QNames are: 
    Success, VersionMismatch, Requester, 
    and
     Responder
    . For more information, see .
  4. Click [
    OK
    ]
    when done.

Content feedback and comments