SiteMinder : WSFEDDISPATCHER HTTP Status 500 Error
searchcancel
SiteMinder : WSFEDDISPATCHER HTTP Status 500 Error
book
Article ID: 108858
calendar_today
Updated On: 09-24-2024
Products
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
Issue/Introduction
Following an automated security OS patch in our environment, wsfeddispatcher throws a HTTP Status 500 Error
FWSTrace log ############
[07/23/2018][10:32:49][6496][8468][13b1dd01-baf9a2e2-44ddcd1e-66884471-56dc67c5-4696][SSO.java][processAssertionGeneration][Transaction with ID: 13b1dd01-baf9a2e2-44ddcd1e-66884471-56dc67c5-4696 failed. Reason: WSFED_SSO_INVALID_RESPONSE_RETURNED] [07/23/2018][10:32:49][6496][8468][13b1dd01-baf9a2e2-44ddcd1e-66884471-56dc67c5-4696][SSO.java][processAssertionGeneration][Denying request due to "NO" returned from WSFED assertion generator.] [07/23/2018][10:32:49][6496][8468][13b1dd01-baf9a2e2-44ddcd1e-66884471-56dc67c5-4696][SSO.java][processAssertionGeneration][Ending WSFED Single Sign-On Service request processing with HTTP error 500]
SMPS Log #########
[122536/122008][Mon Jul 23 2018 06:32:48][AssertionGenerator.java][ERROR][sm-FedServer-00120] postProcess() throws exception: ncom.netegrity.assertiongenerator.AssertionGeneratorException: Error while signing Assertion! Exception: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: SignInProtocol: Exception when signing SAML Assertion - WSFEDSigner: Exception while signing XML document. com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Caught an Exception calling signXMLDocument using IXMLSignature. XMLSignatureApacheImpl.signXMLDocument(): Signing certificate has expired. Exception Message: java.security.cert.CertificateExpiredException: NotAfter: Fri Jul 20 07:22:59 EDT 2018java.lang.Exception: XMLSignatureApacheImpl.signXMLDocument(): Signing certificate has expired. Exception Message: java.security.cert.CertificateExpiredException: NotAfter: Fri Jul 20 07:22:59 EDT 2018 at com.netegrity.smkeydatabase.api.XMLSignatureApacheImpl.signXMLDocument(XMLSignatureApacheImpl.java:302)
Environment
All SSO Versions
Cause
Observed smps log of Policy server, Signing certificate was expired and that is why federation transactions were failing.
Resolution
Please refer below steps to use new/renewed Private Key in Policy Server:
1) Import new/renewed Private key in policy store using smkeytool