websphere - IBM Tivoli FBTSML215E The name identifier policy in the authentication request could not be met by this identity provider

Question

I am using Tivoli Federated Identity Manager 6.2.2 version and getting the below error while passing the SAML request for SSO from configured AD.

I am not sure what configuration needs to change? IBM documentation does not specify how to change the name id policy?

[1/28/21 15:31:56:086 IST] 00000025 ValidationFai E com.tivoli.am.fim.saml.types.ValidationFailureType logError FBTSML215E The name identifier policy in the authentication request could not be met by this identity provider.

======= Below is the Saml Request that is passing to IDP provider=================

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     AssertionConsumerServiceURL="https://naveen-win16/netbackup/sso/callback/SAML2Client"
                     Destination="https://trans-com-win1.nbusec.vxindia.veritas.com:9443/sps/TFIM/saml20/login"
                     ForceAuthn="false"
                     ID="_8f26a532aa9f4e2990da26cf61cf759c57314a4"
                     IsPassive="false"
                     IssueInstant="2021-01-28T10:01:31.728Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     ProviderName="pac4j-saml"
                     Version="2.0"
                     >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
                  >https://naveen-win16/netbackup/sso/callback/SAML2Client</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#_8f26a532aa9f4e2990da26cf61cf759c57314a4">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <ds:DigestValue>GZ8UbYGnRJVd5MMxMAk5Ty8vmPptQK++e3ZGyIAmKhY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
Lj+tWFETVvScuqhLzvZC5R4qyUgwmjj91ZnkgCK0kC5HlJ+GHA36tY8Uu3vsyZpap0TKeTZdWM1D
dAcbw1f9vopW4XBMeGDMRKLTlQ3ZJY6bYqzyjZvYK8RMuaBNahV8XnOh2/1TR3yOunv03QNSITb3
Y9of2EyLGkrM2Gr4pV+LSl+lkWcHlOSYAV5lSjtwyzaRAOYgLxKnROPC69dAQQ7/zxzLsTp5unS9
W2ulSdLRHuILhLfy5Mb7mRQlA0ggoYgWV3R6ztgbaiG3Xv6ZjSyo33FORCgU83e2IN2YOpbtVp6O
5aWhO5Knz9nNwmjD1x+t8RWeUFmnQreSwLbmhw==
</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate></ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

question from:https://stackoverflow.com/questions/65935568/ibm-tivoli-fbtsml215e-the-name-identifier-policy-in-the-authentication-request-c

Answer 1

Waitting for answers