Administrative UI issue with Assertion Generator Plugin
Article ID: 109036
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We updated the cawcom_r5.1.1.jar with cawcom_r5.1.3.jar for R12.52SP1CR7 CA SSO on the Administrative UI server.
AGP plugin is not working as expected. A review of assertions using AGP before and after last week's upgrade reveal that the values are not being parsed out as expected in the assertion. In the example below, the EmployeeID should have been parsed out as W263848703 not the entire string as seen here.
<ns2:Attribute Name="EmployeeID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>FedID_XYXcorpClientID}1627^FedID_WID}W263848703}19790602}John}Doe}M^HMO}0000000954401156^SRMEM
We received a “failed to add deployment:iam_siteminder.ear" message in the logs. It doesn’t appear that the ".3.jar" version of file is available for download. Not sure if the issue is related to being on R12.52SP1CR7 now and we need a different version of the .jar file or if there was an issue with the original .jar file. How do we resolve this?
Also, subsequently, we got this while adding AGP and after activating/de-activating and then modifying the issue of the extra \ 's is present:
Pre-modify: Plug-in Class: e:\activeresponse\AssertionGeneratorPlugin\com\netegrity\assertiongenerator\AssertionGeneratorRegEx.xml
Plug-in Parameters: /"f&&ns2:Assertion&&ns2:AttributeStatement/ns2:Attribute[@Name='ClientID']/ns2:AttributeValue/text()&&FedID_XYZcorpClientID\}.*&&"
In Modify mode: Plug-in Class: e:\\activeresponse\\AssertionGeneratorPlugin\\com\\netegrity\\assertiongenerator\\AssertionGeneratorRegEx.xml
Plug-in Parameters: /"f&&ns2:Assertion&&ns2:AttributeStatement/ns2:Attribute[@Name='ClientID']/ns2:AttributeValue/text()&&FedID_XYZCorpClientID\\}.*&&"
AGP plugin is not working as expected. A review of assertions using AGP before and after last week's upgrade reveal that the values are not being parsed out as expected in the assertion. In the example below, the EmployeeID should have been parsed out as W263848703 not the entire string as seen here.
<ns2:Attribute Name="EmployeeID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>FedID_XYXcorpClientID}1627^FedID_WID}W263848703}19790602}John}Doe}M^HMO}0000000954401156^SRMEM
We received a “failed to add deployment:iam_siteminder.ear" message in the logs. It doesn’t appear that the ".3.jar" version of file is available for download. Not sure if the issue is related to being on R12.52SP1CR7 now and we need a different version of the .jar file or if there was an issue with the original .jar file. How do we resolve this?
Also, subsequently, we got this while adding AGP and after activating/de-activating and then modifying the issue of the extra \ 's is present:
Pre-modify: Plug-in Class: e:\activeresponse\AssertionGeneratorPlugin\com\netegrity\assertiongenerator\AssertionGeneratorRegEx.xml
Plug-in Parameters: /"f&&ns2:Assertion&&ns2:AttributeStatement/ns2:Attribute[@Name='ClientID']/ns2:AttributeValue/text()&&FedID_XYZcorpClientID\}.*&&"
In Modify mode: Plug-in Class: e:\\activeresponse\\AssertionGeneratorPlugin\\com\\netegrity\\assertiongenerator\\AssertionGeneratorRegEx.xml
Plug-in Parameters: /"f&&ns2:Assertion&&ns2:AttributeStatement/ns2:Attribute[@Name='ClientID']/ns2:AttributeValue/text()&&FedID_XYZCorpClientID\\}.*&&"
Environment
Initial Environment:
12.52 SP01 CR06 on Win 2008
Upgraded Environment:
R12.52SP01 CR07 on Win 2012
12.52 SP01 CR06 on Win 2008
Upgraded Environment:
R12.52SP01 CR07 on Win 2012
Resolution
Provided new jar file/ DevFix for DE331582 that fixed the deployment issue, as well as of adding of additional \'s and the freezing issue when in Modify mode..
A new jar was created to fix the build issue by CA Engineering and renamed to cawcom_r5.1.1.jar so the AdminUI app server supporting code will work. In future releases, this jar build issue won't exist. This fix/change will be incorporated in future releases of R12.52SP1. But the problem doesn't exist in R12.6, R12.7, R12.8.
A new jar was created to fix the build issue by CA Engineering and renamed to cawcom_r5.1.1.jar so the AdminUI app server supporting code will work. In future releases, this jar build issue won't exist. This fix/change will be incorporated in future releases of R12.52SP1. But the problem doesn't exist in R12.6, R12.7, R12.8.
Feedback
Yes
No
Powered by
