SAML Federation - Failed to Sign Assertion. Unmatched braces in the pattern

book

Article ID: 141018

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Policy Server in Federation Journey, and when the
Policy Server needs to sign an assertion, it fails and report error :
  
smtracedefault.log :

  [319748][139879694460672][09/28/2019][06:22:38.161][06:22:38][Protoc
  olBase.java][SignOrEncryptAssertion][Signing the Assertion with ID: 
  _69835bc8b0c910f12b61d58e2447b65dc77d ...][][][][][][][][][][][10f1b
  9db-04a26d0f-dc6fdf63-566ffcc5-e67d8791-43][][][][][][][][][][][][][
  ][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
 
  [319748][139879694460672][09/28/2019][06:22:38.169][06:22:38][AuthnR
  equestProtocol.java][closeupProcess][Failed to Sign Assertion. Unmat
  ched braces in the pattern.][][][][][][][][][][][10f1b9db-04a26d0f-d
  c6fdf63-566ffcc5-e67d8791-43][][][][][][][][][][][][][][][][][][][][
  ][][][][][][][][][][][][][][][][][][][][][][][][][]
 
  [319748][139879694460672][09/28/2019][06:22:38.169][06:22:38][Assert
  ionGenerator.java][invoke][AssertionHandler postProcess() failed. Le
  aving AssertionGenerator.][][][][][][][][][][][10f1b9db-04a26d0f-dc6
  fdf63-566ffcc5-e67d8791-43][][][][][][][][][][][][][][][][][][][][][
  ][][][][][][][][][][][][][][][][][][][][][][][][]

How can we fix this ?

 

Cause


A problem in the code by the Response ID, Assertion ID and Reference

URI makes that error when verifying the Assertion signature.

This issue has been solved in Policy Server 12.8SP3.

 

Environment


  Policy Server 12.8SP2 on RedHat 6;


Resolution


Upgrade Policy Server to 12.8SP3 to fix the issue.