We are establishing federation using ADFS 2.0(IdP) and SiteMinder(SP), after authentication on ADFS(IdP) in SiteMinder we are not getting NameId-emailAddress in the generated assertion in SiteMinder and seems to be because of that only we are getting below error in SiteMinder:
java.lang.LinkageError: loader constraints violated when linking org/xml/sax/ErrorHandler class
However we've already created different Claim Rules for NameId-EmailAddress on the Relying Party Trust but in the generated assertion we are not getting NameId-EmailAddress of the currently login user.
I followed up via e-mail with Vaibhav. For other customers who hit this problem, the root cause was that the authenticating user did not have an e-mail address configured in AD.
Thus, when they authenticated, no e-mail address claim could be retrieved from AD, and no NameID could be generated based off of their e-mail address.
I followed up via e-mail with Vaibhav. For other customers who hit this problem, the root cause was that the authenticating user did not have an e-mail address configured in AD.
Thus, when they authenticated, no e-mail address claim could be retrieved from AD, and no NameID could be generated based off of their e-mail address.
