CA Single Sign On Siteminder Application Access Problem
Article ID: 108999
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign-On
Issue/Introduction
We're running Web Agent Option Pack, when a user request a specific saml
application, the Web Agent Option Pack reports error 500 to the
browser :
1. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Received
the following response from SAML2 assertion generator:
SAML2Response=NO.]
2. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Transaction
with ID: 22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f
failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]
3. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Denying
request due to "NO" returned from SAML2 assertion generator.]
And in the smtracedefault.log we have
4. [07/24/2018][14:46:24.553][14:46:24][1108][8740][AssertionGenerator.java]
[invoke][22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f][][][][][][][][]
[][][][][][][][][][][][Error in getting configuration
data. Leaving Assertion Generator Framework. Exception:
java.lang.Exception: The Federation Web Service didn't send the
request with a correct resource! Internal Exception:
java.lang.IllegalArgumentException: Input byte array has wrong
4-byte ending unit
at java.util.Base64$Decoder.decode0(Base64.java:704)
at java.util.Base64$Decoder.decode(Base64.java:526)
at java.util.Base64$Decoder.decode(Base64.java:549)
at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
How can we fix this ?
application, the Web Agent Option Pack reports error 500 to the
browser :
1. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Received
the following response from SAML2 assertion generator:
SAML2Response=NO.]
2. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Transaction
with ID: 22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f
failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]
3. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Denying
request due to "NO" returned from SAML2 assertion generator.]
And in the smtracedefault.log we have
4. [07/24/2018][14:46:24.553][14:46:24][1108][8740][AssertionGenerator.java]
[invoke][22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f][][][][][][][][]
[][][][][][][][][][][][Error in getting configuration
data. Leaving Assertion Generator Framework. Exception:
java.lang.Exception: The Federation Web Service didn't send the
request with a correct resource! Internal Exception:
java.lang.IllegalArgumentException: Input byte array has wrong
4-byte ending unit
at java.util.Base64$Decoder.decode0(Base64.java:704)
at java.util.Base64$Decoder.decode(Base64.java:526)
at java.util.Base64$Decoder.decode(Base64.java:549)
at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
How can we fix this ?
Cause
There's an issue in the asssertiongenerator java code.
Environment
Policy Server 12.8
Resolution
This issue has a fix which will be available in the next CR of Policy Server 12.8
Feedback
Yes
No
Powered by
