search cancel

Policy Server is giving "Exception while verifying signature"

book

Article ID: 134251

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

We're running a Policy Server in Federation journey and when the

Policy Server tries to verify the Assertion Signature, it fails and

report error :

  [22856/140295343687424][Thu Jun 27 2019

  22:02:32][Saml2Validator.java][ERROR][sm-FedServer-00640] Exception

  while verifying signature: njava.lang.NumberFormatException: Zero

  length BigInteger

   at java.math.BigInteger.<init>(Unknown Source)

   at

   com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.

            readCertificate(XMLDocumentOpsImpl.java:1647)

When we look at the certificate in the AdminUI, we see that the Issuer

is

 DSigVerInfoIssuerDN=1.2.840.113549.1.9.1=#161861636d5f69646d4065742e766c61616e646572656e2e6265,CN=mydept,OU=mycompany,C=US

How can we solve this ?


Cause

The Policy Server Assertion Generator didn't convert the

representations of the email address in the IssuerDN to get all in

OID, and as such, the certificate in the CDS is not found.


Environment

  Policy Server 12.8SP2 on RedHat 6;

   Policy Server JDK 1.8;


Resolution

Upgrade the Policy Server to 12.8SP3 when it will be available to fix

this issue.