search cancel

Seeing error "No confirmation method selected. Rejecting all assertions" with custom XML Agent WSS SDK

book

Article ID: 16947

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

XML Agent does not recognize the message body as a SAML assertion.

We see the following error when we check the SDK debug logs:

189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG com.netegrity.tm.contenthelper.handler.authentication.WSSecuritySAMLAuthHandler  - No confirmation method selected. Rejecting all assertions.
189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG com.netegrity.tm.contenthelper.handler.HandlerServiceManager  - dispatch request failed. 

Environment

WSS SDK 

Resolution

The assertion is being rejected due to a configuration issue, as the error above is due to having none of the Options under SAML Token Restrictions selected in the WSS Authentication Scheme

The following line from the SDK debug logs show which options are selected:

189215 2017-09-23 12:41:15,753 [http-nio-27200-exec-10] DEBUG com.netegrity.tm.contenthelper.handler.authentication.WSSecuritySAMLAuthHandler  - hk flag: false; sv flag: false; bearer flag: false; supportingSigsRequired flag: false; timestamp flag: false; timestamp skew (sec): 30; ssl flag: false; ssl keystore flag: false; role: null

In the authentication scheme you need to select one of the SAML Token Restrictions according to your requirements to solve the issue:

Allow sender-vouches

Allow bearer

Allow holder-of-key