search cancel

Seeing error "No confirmation method selected. Rejecting all assertions" with custom XML Agent WSS SDK


Article ID: 16947


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


XML Agent does not recognize the message body as a SAML assertion.

We see the following error when we check the SDK debug logs:

189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG  - No confirmation method selected. Rejecting all assertions.
189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG  - dispatch request failed. 




The assertion is being rejected due to a configuration issue, as the error above is due to having none of the Options under SAML Token Restrictions selected in the WSS Authentication Scheme

The following line from the SDK debug logs show which options are selected:

189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG  - hk flag: false; sv flag: false; bearer flag: false; supportingSigsRequired flag: false; timestamp flag: false; timestamp skew (sec): 30; ssl flag: false; ssl keystore flag: false; role: null

In the authentication scheme you need to select one of the SAML Token Restrictions according to your requirements to solve the issue:

Allow sender-vouches

Allow bearer

Allow holder-of-key