
Federation apps failing. Giving HTTP 500 error


Article ID: 134519


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER

Issue/Introduction

We're running a Policy Server for Federation transactions, but no assertion gets generated and we'd like to know why. The browser receives return code 500.


The Policy Server returns this error in smps.log:


  [19601/140027141027584][Fri Jun 28 2019 09:04:14][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error.
  <Response ID="_f08e53846d326c4ff07ec21c12e0d9b05be3" IssueInstant="2019-06-28T07:04:14Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://myhost.mydomain.com</ns1:Issuer>
    <Status>
        <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
        <StatusMessage>Error Encrypting NameID.</StatusMessage>
    </Status>
  </Response>


How can we solve this?


Environment

  Policy Server 12.8SP2 on RedHat 7;

   Policy Server JDK 1.8.0_181 64 bit;


Resolution

On both Policy Servers:


- In JVMOptions.txt, replace the line:


  -Xbootclasspath/p:/opt/app/CA/siteminder/bin/thirdparty/stax2-api-4.0.0.jar:/opt/app/CA/siteminder/bin/thirdparty/woodstox-core-asl-4.4.1.jar:/opt/app/CA/siteminder/bin/thirdparty/wss4j-ws-security-common-2.2.0.jar:/opt/app/CA/siteminder/bin/thirdparty/wss4j-ws-security-dom-2.2.0.jar:/opt/app/CA/siteminder/bin/endorsed/xercesImpl.jar:/opt/app/CA/siteminder/bin/endorsed/xmlsec-2.1.0.jar:/opt/app/CA/siteminder/bin/endorsed/xml-apis.jar:/opt/app/CA/siteminder/bin/thirdparty/slf4j-api-1.7.25.jar:/opt/app/CA/siteminder/bin/endorsed/resolver.jar:/opt/app/CA/siteminder/bin/endorsed/serializer.jar


  with this one:


  -Xbootclasspath/p:/opt/CA/siteminder/bin/thirdparty/stax2-api-3.1.4.jar:/opt/CA/siteminder/bin/thirdparty/woodstox-core-asl-4.4.1.jar:/opt/CA/siteminder/bin/thirdparty/wss4j-ws-security-common-2.2.0.jar:/opt/CA/siteminder/bin/thirdparty/wss4j-ws-security-dom-2.2.0.jar:/opt/CA/siteminder/bin/endorsed/xercesImpl.jar:/opt/CA/siteminder/bin/endorsed/xmlsec-2.1.2.jar:/opt/CA/siteminder/bin/endorsed/xml-apis.jar:/opt/CA/siteminder/bin/thirdparty/slf4j-api-1.7.25.jar:/opt/CA/siteminder/bin/endorsed/resolver.jar:/opt/CA/siteminder/bin/endorsed/serializer.jar

  

  which brings in xmlsec-2.1.2.jar.


- Restart both Policy Servers.
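
The replacement line above differs from the original in the install prefix (/opt/CA instead of /opt/app/CA) and in the stax2-api and xmlsec versions, so it is worth confirming that every jar it names exists on each Policy Server before restarting. The following check is an added example, not part of the original article or of the product; the function names are hypothetical and the JVMOptions.txt path is passed in by the caller.

```shell
#!/bin/sh
# Added example: report jars named in the -Xbootclasspath/p: line of a
# JVMOptions.txt file that are not present (or not readable) on this host.
# Usage after sourcing: check_bootclasspath /path/to/JVMOptions.txt

# Print one -Xbootclasspath/p: entry per line for the options file $1.
bootclasspath_entries() {
    # Strip the option prefix and trailing whitespace (including a CR from
    # a file edited on Windows), then split the list on ':'.
    grep -- '^[[:space:]]*-Xbootclasspath/p:' "$1" \
        | sed -e 's|^[[:space:]]*-Xbootclasspath/p:||' -e 's|[[:space:]]*$||' \
        | tr ':' '\n' \
        | sed '/^$/d'
}

# Print every entry that is not a readable file on disk.
missing_bootclasspath_jars() {
    bootclasspath_entries "$1" | while IFS= read -r entry; do
        [ -r "$entry" ] || printf '%s\n' "$entry"
    done
}

# Return 0 if all entries exist, 1 if any is missing,
# 2 if the file has no -Xbootclasspath/p: line at all.
check_bootclasspath() {
    if [ -z "$(bootclasspath_entries "$1")" ]; then
        echo "no -Xbootclasspath/p: line found in $1" >&2
        return 2
    fi
    missing=$(missing_bootclasspath_jars "$1")
    if [ -n "$missing" ]; then
        printf 'not found on disk:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}
```

Run it on both Policy Servers against the edited file; a non-zero result means the line still points at a path or jar version that is not installed on that host.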