We're running Federation Services as SP. When the SP Federation
receives the Assertion, it creates a session for the user, but the
headers that the backend application expects are intermittently
missing.
The Federation Service reports this error:
[11/27/2019][18:41:24][9080][13060][7bb16c46-bfe322c4-16de0bda-ec12c92c-02739e90-e6][AssertionConsumer.java][doPost][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer, method doPost, message java.lang.NullPointerException.]
[11/27/2019][18:41:24][9080][13060][7bb16c46-bfe322c4-16de0bda-ec12c92c-02739e90-e6][AssertionConsumer.java][doPost][Stack Trace: java.lang.NullPointerException
at com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer.a(DashoA10*..:1166)
at com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer.doPost(DashoA10*..:657)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at [...]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)]
and the browser receives error 500:
[11/27/2019][18:41:24][9080][13060][7bb16c46-bfe322c4-16de0bda-ec12c92c-02739e90-e6][AssertionConsumer.java][doPost][Ending SAML2 AssertionConsumer Service request processing with HTTP error 500]
How can we fix this?
The crash of the Java process occurs when processing the SAMLResponse
value, i.e. when reading the data:
[11/27/2019][12:45:30][9080][10552][3264ba71-2a226d8e-ceeb31a8-347b06d5-79f217e0-a][FWSBase.java][getTemporaryStateCookie][Found encrypted state cookie: SMFED_TEMPORARY_STATE]
[11/27/2019][12:45:30][9080][10552][3264ba71-2a226d8e-ceeb31a8-347b06d5-79f217e0-a][AssertionConsumer.java][doPost][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer, method doPost, message java.lang.NullPointerException.]
[11/27/2019][12:45:30][9080][10552][3264ba71-2a226d8e-ceeb31a8-347b06d5-79f217e0-a][AssertionConsumer.java][doPost][Stack Trace: java.lang.NullPointerException
at com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer.a(DashoA10*..:1166)
The Federation Service Web Agent Option Pack
12.52SP1CR08 64bit is not supported on Tomcat 9 64bit on Windows 2016.
According to our support matrix, the Web Agent Option Pack is only
supported on Tomcat 9 from 12.52SP1CR09 running on RedHat 7:
4.2 Web Agent Option Pack (WAOP) 64-bit
| Application Server | Version | Windows Server 64-bit | Red-Hat 64-bit |
|--------------------+---------+-----------------------+----------------|
| ASF Tomcat 64-bit  | 9.0     |                       | 7 (SP1 CR09)   |
|                    | 8.5     | 2012 R2 (SP01 CR05)   | 7 (SP1 CR08)   |
p.25
https://ftpdocs.broadcom.com/phpdocs/7/5262/5262_SiteMinder_12_52_SP1_Platform_Support.pdf
Web Agent Option Pack 12.52SP1CR08 64bit on Tomcat 9 64bit on Windows 2016.
Upgrade the Web Agent Option Pack to 12.52SP1CR09 and ensure
it runs on RedHat 7.
Finally, make sure that the JVM is from a JDK installation and not just
a JCE installation, as per the documentation requirements:
General Option Pack Installation Requirements
A supported Java Development Kit (JDK).
This JDK is required even if you are using an application server that ships with a JDK or JRE.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/installing/install-agents/web-agent-option-pack/web-agent-option-pack-installation-requirements.html
Also make sure that the JDK installation has the JCE patches.
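
To measure how often assertion requests hit this exception, the trace entries can be grouped by transaction ID. The Python script below is an added example, not part of the original article or of the product; the field names (pid, tid, txn, source) are assumed from the layout of the excerpts above, and the sample entries are constructed.

```python
import re
from collections import defaultdict

# One trace entry: [date][time][pid][tid][transaction id][source][method][message].
# Field names are assumptions; the message may span lines (stack traces).
ENTRY = re.compile(
    r"\[(?P<date>\d{2}/\d{2}/\d{4})\]\[(?P<time>\d{2}:\d{2}:\d{2})\]"
    r"\[(?P<pid>\d+)\]\[(?P<tid>\d+)\]\[(?P<txn>[^\]]*)\]\s*"
    r"\[(?P<source>[^\]]*)\]\[(?P<method>[^\]]*)\]\[(?P<msg>.*?)\]"
    r"(?=\s*(?:\[\d{2}/\d{2}/\d{4}\]|\Z))",
    re.S,
)

# Constructed sample entries in the layout of the excerpts above.
SAMPLE = """\
[11/27/2019][18:41:24][9080][13060][txn-0001][FWSBase.java][getTemporaryStateCookie][Found encrypted state cookie: SMFED_TEMPORARY_STATE]
[11/27/2019][18:41:24][9080][13060][txn-0001][AssertionConsumer.java][doPost][Stack Trace: java.lang.NullPointerException
 at com.netegrity.affiliateminder.webservices.saml2.AssertionConsumer.doPost(DashoA10*..:657)]
[11/27/2019][18:41:24][9080][13060][txn-0001][AssertionConsumer.java][doPost][Ending SAML2 AssertionConsumer Service request processing with HTTP error 500]
[11/27/2019][18:42:10][9080][13061][txn-0002][FWSBase.java][getTemporaryStateCookie][Found encrypted state cookie: SMFED_TEMPORARY_STATE]
"""


def parse_entries(text):
    """Return every trace entry in text as a dict of its fields."""
    return [m.groupdict() for m in ENTRY.finditer(text)]


def failed_assertions(text):
    """Map transaction id -> summary for ACS requests that hit the NPE."""
    seen = defaultdict(lambda: {"npe": False, "http500": False, "when": None})
    for e in parse_entries(text):
        if e["source"] != "AssertionConsumer.java" or e["method"] != "doPost":
            continue
        txn = seen[e["txn"]]
        txn["when"] = txn["when"] or f'{e["date"]} {e["time"]}'
        txn["npe"] |= "java.lang.NullPointerException" in e["msg"]
        txn["http500"] |= "HTTP error 500" in e["msg"]
    return {t: s for t, s in seen.items() if s["npe"]}


if __name__ == "__main__":
    for txn, s in failed_assertions(SAMPLE).items():
        print(txn, s["when"], "HTTP 500" if s["http500"] else "no 500 logged")
```

Run against the real trace file before and after the upgrade to confirm that the count of affected transactions drops to zero.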