Error: Error Encrypting NameID Federation fails in Policy Server

Article ID: 134519

Products

- CA Single Sign On Secure Proxy Server (SiteMinder)
- CA Single Sign On Agents (SiteMinder)
- CA Single Sign On Federation (SiteMinder)
- CA Single Sign On SOA Security Manager (SiteMinder)
- CA Single Sign-On SITEMINDER

Issue/Introduction

 

When the Policy Server processes a Federation transaction, no assertion is generated. The browser receives return code 500.

The Policy Server returns an error:

smps.log:


  [19601/140027141027584][Fri Jun 28 2019 09:04:14][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error.

   <Response ID="_f08e53846d326c4ff07ec21c12e0d9b05be3" IssueInstant="2019-06-28T07:04:14Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://myhost.mydomain.com</ns1:Issuer>
     <Status>
      <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
       <StatusMessage>Error Encrypting NameID.</StatusMessage>
     </Status>
   </Response>

 

Environment

 

  Policy Server 12.8SP2 on RedHat 7;
  Policy Server JDK 1.8.0_181 64 bit;

 

Resolution

 

On the Policy Server:

- In JVMOptions.txt, replace the line:

  -Xbootclasspath/p:/opt/app/CA/siteminder/bin/thirdparty/stax2-api-4.0.0.jar:/opt/app/CA/siteminder/bin/thirdparty/woodstox-core-asl-4.4.1.jar:/opt/app/CA/siteminder/bin/thirdparty/wss4j-ws-security-common-2.2.0.jar:/opt/app/CA/siteminder/bin/thirdparty/wss4j-ws-security-dom-2.2.0.jar:/opt/app/CA/siteminder/bin/endorsed/xercesImpl.jar:/opt/app/CA/siteminder/bin/endorsed/xmlsec-2.1.0.jar:/opt/app/CA/siteminder/bin/endorsed/xml-apis.jar:/opt/app/CA/siteminder/bin/thirdparty/slf4j-api-1.7.25.jar:/opt/app/CA/siteminder/bin/endorsed/resolver.jar:/opt/app/CA/siteminder/bin/endorsed/serializer.jar

  with this one:

  -Xbootclasspath/p:/opt/CA/siteminder/bin/thirdparty/stax2-api-3.1.4.jar:/opt/CA/siteminder/bin/thirdparty/woodstox-core-asl-4.4.1.jar:/opt/CA/siteminder/bin/thirdparty/wss4j-ws-security-common-2.2.0.jar:/opt/CA/siteminder/bin/thirdparty/wss4j-ws-security-dom-2.2.0.jar:/opt/CA/siteminder/bin/endorsed/xercesImpl.jar:/opt/CA/siteminder/bin/endorsed/xmlsec-2.1.2.jar:/opt/CA/siteminder/bin/endorsed/xml-apis.jar:/opt/CA/siteminder/bin/thirdparty/slf4j-api-1.7.25.jar:/opt/CA/siteminder/bin/endorsed/resolver.jar:/opt/CA/siteminder/bin/endorsed/serializer.jar

  which loads xmlsec-2.1.2.jar instead of xmlsec-2.1.0.jar.

- Restart the Policy Server.
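
The two -Xbootclasspath/p: lines above differ in install prefix (/opt/app/CA/siteminder and /opt/CA/siteminder) as well as in jar versions, so it is worth confirming that every jar on the edited line exists before the restart. The script below is an added example, not vendor code: the function names are hypothetical, the JVMOptions.txt path is passed as an argument, and the file is assumed to hold one JVM option per line.

```shell
#!/bin/sh
# Added example (not vendor code): check the -Xbootclasspath/p: entry in a
# JVMOptions.txt before restarting. Assumes one JVM option per line.

# Print every jar on the first -Xbootclasspath/p: line, one path per line.
bootclasspath_jars() {
    sed -n 's|^[[:space:]]*-Xbootclasspath/p:||p' "$1" \
        | sed -e 's/[[:space:]]*$//' -e 1q | tr ':' '\n'
}

# Print listed jars that are absent or unreadable; return 1 if any are.
missing_jars() {
    _missing=$(bootclasspath_jars "$1" | while IFS= read -r jar; do
        if [ -n "$jar" ] && [ ! -r "$jar" ]; then printf '%s\n' "$jar"; fi
    done)
    if [ -z "$_missing" ]; then return 0; fi
    printf '%s\n' "$_missing"
    return 1
}

# Print the xmlsec version named on the boot classpath (for example 2.1.2).
xmlsec_version() {
    bootclasspath_jars "$1" | sed -n 's|.*/xmlsec-\([0-9.]*\)\.jar$|\1|p'
}

# Constructed demo: a throwaway directory stands in for the install tree.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/bin/endorsed" "$root/bin/thirdparty"
    touch "$root/bin/endorsed/xmlsec-2.1.2.jar"
    # stax2-api-3.1.4.jar is deliberately not created, so it is reported.
    printf '%s\n' "-Xbootclasspath/p:$root/bin/thirdparty/stax2-api-3.1.4.jar:$root/bin/endorsed/xmlsec-2.1.2.jar" \
        > "$root/JVMOptions.txt"
    echo "xmlsec on boot classpath: $(xmlsec_version "$root/JVMOptions.txt")"
    echo "missing jars:"
    missing_jars "$root/JVMOptions.txt" || true
    rm -rf "$root"
}
demo
```

Run `missing_jars` against the real JVMOptions.txt after editing it; any path it prints is a boot classpath entry the JVM will not find.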