CA Single Sign On Siteminder Application Access Problem
book
Article ID: 108999
calendar_today
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign-On
Issue/Introduction
We're running Web Agent Option Pack, when a user request a specific saml application, the Web Agent Option Pack reports error 500 to the browser :
1. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.] 2. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Transaction with ID: 22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f failed. Reason: FAILED_INVALID_RESPONSE_RETURNED] 3. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Denying request due to "NO" returned from SAML2 assertion generator.]
java.lang.Exception: The Federation Web Service didn't send the request with a correct resource! Internal Exception:
java.lang.IllegalArgumentException: Input byte array has wrong 4-byte ending unit
at java.util.Base64$Decoder.decode0(Base64.java:704) at java.util.Base64$Decoder.decode(Base64.java:526) at java.util.Base64$Decoder.decode(Base64.java:549) at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source) at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282) at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
How can we fix this ?
Cause
There's an issue in the asssertiongenerator java code.
Environment
Policy Server 12.8
Resolution
This issue has a fix which will be available in the next CR of Policy Server 12.8