We're running Policy Server 12.8SP0, and it doesn't seem to be
able to validate an existing SMSESSION cookie in an SP-initiated POST
transaction.
We see the following error in the Policy Server traces:
[08/13/2018][09:57:49.227][09:57:49][532][139977941837568][AssertionGenerator.java]
[invoke][385fb99d-c4caacc3-b2480891-4285df97-2cb4af88-07][][][][][][][][][][][][][][][][][][][][Error
in getting configuration data. Leaving Assertion Generator
Framework. Exception:
java.lang.Exception: The Federation Web Service didn't send the
request with a correct resource! Internal Exception:
java.lang.IllegalArgumentException: Input byte array has incorrect
ending byte at 28
We've also tried on our Policy Server 12.7SP2, and for the same
transaction it returns a similar error:
[3630/139941835171584][Mon Aug 20 2018
14:39:44][AssertionGenerator.java][ERROR][sm-FedServer-00050] Error
in getting configuration data. Leaving Assertion Generator
Framework.
Stack Trace:
java.lang.Exception: The Federation Web
Service didn't send the request with a correct resource! Internal
Exception:
java.lang.IllegalArgumentException: Input byte array has wrong
4-byte ending unit
at java.util.Base64$Decoder.decode0(Base64.java:704)
at java.util.Base64$Decoder.decode(Base64.java:526)
at java.util.Base64$Decoder.decode(Base64.java:549)
at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
How can we fix that?
This issue is fixed in Policy Server 12.8SP1.
Defects Fixed in 12.8.01:
01148879, 01165951, 01171578, 01172587
DE380366: An HTTP-POST request fails in a browser that already contains an SMSESSION cookie.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/release-notes/service-packs/defects-fixed-in-12-8-01.html