Forum Discussion
Thanks again Evan,
I have double-checked the advanced assignment step within the IdP policy, and application-specific SAML resources are definitely being assigned. However, APM still insists that a "Webtop configuration is required" and the same error is being logged: "Logon denied due to validation error, Error Code: 3000 (No Webtop)".
I'm beginning to think that it is a version-specific issue. The 11.6.0 documentation differs from the 12.1.0 documentation that you linked.
In 11.6.0 the relevant SAML instructions state:
Configuration requirements to support IdP- and SP-initiated connections
...
An access policy that:
Performs authentication
Assigns SAML resources and full webtop
However, the stipulation for a 'full webtop' assignment does not appear in the 12.1.0 documentation. I am going to try and lab this on 12.1.0 to see whether I have any more success.
Thanks again for your guidance,
Barny
That could be it -- we are using 12.1.0. I would recommend 12.1.0 HF1 for other reasons anyway, as it fixed some of the bugs I found with SAML. HF1 fixes a further regression in 12.1.0 where a user going to https://yourserver/path/to/content ends up redirected back to https://yourserver/ after authentication and not https://yourserver/path/to/content. This can be worked around but given you are upgrading you are better to go to HF1.