We're running a Policy Server in a Federation journey, and when the
Policy Server tries to verify the Assertion Signature, it fails and
reports the error:
[22856/140295343687424][Thu Jun 27 2019 22:02:32][Saml2Validator.java][ERROR][sm-FedServer-00640] Exception while verifying signature: njava.lang.NumberFormatException: Zero length BigInteger
at java.math.BigInteger.<init>(Unknown Source)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.readCertificate(XMLDocumentOpsImpl.java:1647)
When we look at the certificate in the AdminUI, we see that the Issuer
is
DSigVerInfoIssuerDN=1.2.840.113549.1.9.1=#161861636d5f69646d4065742e766c61616e646572656e2e6265,CN=mydept,OU=mycompany,C=US
How can we solve this?
Policy Server 12.8SP2 on RedHat 6;
Policy Server JDK 1.8;
The Policy Server Assertion Generator did not convert the
representation of the email address in the IssuerDN so that every
attribute is in OID form, and as a result the certificate is not
found in the CDS.
Upgrade the Policy Server to 12.8SP3, when it becomes available, to
fix this issue.
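
The mismatch described in the cause, as an added Python example that is not Policy Server code: the same issuer written with the email attribute as an OID plus hex-encoded DER value, and with an attribute keyword, differs as a string but is equal once both are normalised. The EMAILADDRESS keyword spelling, the attribute map and the helper names are assumptions for illustration; the OID form is the IssuerDN shown above.

```python
EMAIL_OID = "1.2.840.113549.1.9.1"
# Assumed keyword-to-OID map (small subset, for illustration only).
KEYWORD_TO_OID = {
    "EMAILADDRESS": EMAIL_OID, "E": EMAIL_OID,
    "CN": "2.5.4.3", "OU": "2.5.4.11", "O": "2.5.4.10", "C": "2.5.4.6",
}
# DER string tags handled here: UTF8String, PrintableString, IA5String.
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x16: "ascii"}


def decode_hex_value(hexstr):
    """Decode the '#...' form of a DN value: a DER string, short length only."""
    der = bytes.fromhex(hexstr)
    if len(der) < 2 or der[0] not in STRING_TAGS:
        raise ValueError("unsupported DER string tag")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent DER length")
    return der[2:].decode(STRING_TAGS[der[0]])


def normalize_dn(dn):
    """Return the DN as (oid, value) pairs, independent of how it was spelled."""
    pairs = []
    # Assumption: no escaped commas and no multi-valued RDNs in the input.
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        oid = KEYWORD_TO_OID.get(attr.strip().upper(), attr.strip())
        value = value.strip()
        if value.startswith("#"):
            value = decode_hex_value(value[1:])
        pairs.append((oid, value.casefold()))  # case-insensitive matching
    return tuple(pairs)


def same_issuer(a, b):
    return normalize_dn(a) == normalize_dn(b)


# IssuerDN as shown in the AdminUI above (OID with hex-encoded value).
PAGE_DN = ("1.2.840.113549.1.9.1=#161861636d5f69646d4065742e766c61616e"
           "646572656e2e6265,CN=mydept,OU=mycompany,C=US")
# Constructed keyword spelling of the same issuer, built from the decoded value.
KEYWORD_DN = ("EMAILADDRESS=" + dict(normalize_dn(PAGE_DN))[EMAIL_OID]
              + ",CN=mydept,OU=mycompany,C=US")

if __name__ == "__main__":
    print("string match:    ", PAGE_DN == KEYWORD_DN)
    print("normalised match:", same_issuer(PAGE_DN, KEYWORD_DN))
```

A lookup keyed on the raw DN string misses the certificate when the two sides use different spellings, which is the symptom reported here; comparing normalised forms does not.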