CA Single Sign On Siteminder Application Access Problem

Article Id: 108999
Status: Published
Updated On: 02-04-2020 18:23
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

We're running Web Agent Option Pack, when a user request a specific saml 
application, the Web Agent Option Pack reports error 500 to the 
browser : 

1. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- 
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Received 
the following response from SAML2 assertion generator: 
SAML2Response=NO.] 
2. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- 
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Transaction 
with ID: 22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f 
failed. Reason: FAILED_INVALID_RESPONSE_RETURNED] 
3. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e- 
de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Denying 
request due to "NO" returned from SAML2 assertion generator.] 

And in the smtracedefault.log we have 

4. [07/24/2018][14:46:24.553][14:46:24][1108][8740][AssertionGenerator.java] 
[invoke][22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f][][][][][][][][] 
[][][][][][][][][][][][Error in getting configuration 
data. Leaving Assertion Generator Framework. Exception: 

java.lang.Exception: The Federation Web Service didn't send the 
request with a correct resource! Internal Exception: 

java.lang.IllegalArgumentException: Input byte array has wrong 
4-byte ending unit 

at java.util.Base64$Decoder.decode0(Base64.java:704) 
at java.util.Base64$Decoder.decode(Base64.java:526) 
at java.util.Base64$Decoder.decode(Base64.java:549) 
at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source) 
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) 
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) 
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282) 
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) 
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) 
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282) 

How can we fix this ? 

Cause:

There's an issue in the asssertiongenerator java code.

Environment:

Policy Server 12.8

Resolution:

This issue has a fix which will be available in the next CR of Policy Server 12.8