CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER
Issue/Introduction
We're running Federation Services as an SP (Service Provider). When the browser comes back to the Assertion Consumer page on our SP after having successfully authenticated at the IdP (Identity Provider), the Federation Service returns error 500 to the browser.
The configuration on the IdP has signature disabled:
Assertion Signature: Unsigned
Details of the full error:
fiddler.saz:
Line 1:
GET https://myidp.idp.com/app/evryorg783532_oktasamlapplication_1/exk4rm7qtjbFoLOTi4x6/sso/saml?SAMLRequest=[...]
POST https://mysp.sp.com/affwebservices/public/saml2assertionconsumer SAMLResponse=[...]
[04/07/2020][08:43:02][2844][8752][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][FWSBase.java][authenticateUser][Passing response message through login call [CHECKPOINT = SSO_RESPONSEMESSAGEINLOGIN_REQ]]
[04/07/2020][08:43:02][2844][8752][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][FWSBase.java][authenticateUser][result code from AgentAPI login call: 2]
[04/07/2020][08:43:02][2844][8752][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][FWSBase.java][authenticateUser][Login failure [CHECKPOINT = SSO_LOGINFAILURE_RSP]]
[04/07/2020][08:43:02][2844][8752][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][FWSBase.java][processFailedAuthentication][SAML Assertion based user authentication failed.]
[04/07/2020][08:43:02][2844][8752][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][AssertionConsumer.java][redirectLoginFailure][Ending SAML2 AssertionConsumer Service request processing with HTTP error 500]
smtracedefault.log<SM2> :
[04/07/2020][10:43:03.260][10:43:03][3056][3536][SmMessage.cpp:557][CSmMessage::ParseAgentMessage][s17311/r644][][][][][][][][][][][][][][][][][][][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][Receive request attribute 221, data size is 48][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[04/07/2020][10:43:03.260][10:43:03][3056][3536][Saml2Validator.java][stripWrapper][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][][][][][][][][][][][][][][][][][][][][Response message being processed: <UserCredentials><?xml version="1.0" encoding="UTF-8"?><saml2p:Response De [...] </UserCredentials][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[04/07/2020][10:43:03.260][10:43:03][3056][3536][Saml2Validator.java][checkAssertion][137d7ea0-6b7b3339-5bbb8cae-04bbe378-726f86ba-20a][][][][][][][][][][][][][][][][][][][][Assertion rejected (id17919213888224296556220112): POST binding request, but no signatures on assertion or request][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
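The Saml2Validator line above rejects the POST-binding message because neither the response nor the assertion carries a signature. The following added example (not part of the original article and not CA/Broadcom code) decodes a captured SAMLResponse form value and reports where ds:Signature elements are present. The function names and the sample message are constructed for illustration, and the script checks presence only; it does not verify any signature.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def decode_saml_message(form_value: str) -> bytes:
    """URL-decode and base64-decode a captured SAMLResponse/SAMLRequest value."""
    raw = base64.b64decode(unquote(form_value))
    if raw.lstrip()[:1] == b"<":
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # Redirect-style encoding: raw DEFLATE, then base64

def signature_report(form_value: str) -> dict:
    """Report where ds:Signature elements are present. Presence only: nothing is verified."""
    xml = decode_saml_message(form_value)
    # SAML messages never need a DTD; refuse one before handing the input to the parser.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    assertions = root.findall("saml:Assertion", NS)
    return {
        # Only direct children count: that is where the SAML schema places the signature.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(a.find("ds:Signature", NS) is not None for a in assertions),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

# Constructed sample, not taken from the page: unsigned Response with one unsigned Assertion.
SAMPLE_XML = (
    '<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="r1" Version="2.0">'
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1" Version="2.0"/>'
    '</saml2p:Response>'
)
SAMPLE_FORM_VALUE = quote(base64.b64encode(SAMPLE_XML.encode()).decode(), safe="")

if __name__ == "__main__":
    print(signature_report(SAMPLE_FORM_VALUE))
```

A report with response_signed false and assertions_signed 0 corresponds to the "no signatures on assertion or request" condition in the trace. Encrypted assertions are only counted, since their content cannot be inspected without the SP's decryption key.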