ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SAML response appears 
 at the end of each line of the certificate

book

Article ID: 200724

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Policy Server, this one produced a signed assertion,
the certificates lines are ended with the 
 characters. This
causes issue at the partnerside.

 

Environment

 

Policy Server 12.8SP0 (GA) on RedHat 7;

 

Resolution

 

At first glance, this issue is already corrected in the Policy Server
12.8SP1 as per documentation (1).
  
Upgrade to the latest version which is 12.8SP6 at date of Nov. 10th
2021, which includes another related fix about carriage return "&#13"
where the smfedexport tool faces the same problem (2).

To upgrade the Policy Server, follow the in-place
upgrade (3).

Take care that a change to the JVM is needed to make the Policy Server
use the AdoptOpenJDK as precified in the Support Matrix (4).

AdoptOpenJDK instructions can be found from this KD (5).

 

Additional Information

 

(1)

    Defects Fixed in 12.8.01

      01137702, 01153845,
      01149748, 01156676

      DE374779 The SAML federation partnership assertion contains enter
      characters such as &#13 at the end of each line.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/defects-fixed-in-12-8-01.html

(2)

    Defects Fixed in 12.8.04

      20018179, 01349582, 01371484, 20017847, 20019724 DE422943, DE416865,
      DE423098 SAML metadata contains "
" characters when it is exported
      using the smfedexport tool. Policy Server reports the following error
      when the smfedexport tool is executed: SLF4J: Failed to load class
      ""org.slf4j.impl.StaticLoggerBinder""

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/release-notes/service-packs/Defects-Fixed-in-12-8-04.html

(3)

    Upgrade Policy Server
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-server.html

(4)

    2.4 Java Virtual Machine (JVM)

      Review this section carefully. The Java support has been changed
      in releases 12.8.06 and 12.8.03.

      The following table lists the Java Virtual Machine (JVM) support
      requirements for release 12.8.06:

  | SiteMinder Component | Java Runtime Environment                          |
 |----------------------+---------------------------------------------------|
 | Policy Server        | AdoptOpenJDK 11 (or later updates on 11.x) 64 bit |

      The following table lists the Java Virtual Machine (JVM) support
      requirements for release 12.8.03 and above:

 | SiteMinder Component | Java Runtime Environment                                |
 |----------------------+---------------------------------------------------------|
 | Policy Server        | AdoptOpenJDK 1.8.212 (or later updates on 1.8.x) 64 bit |

https://ftpdocs.broadcom.com/cadocs/0/contentimages/Symantec%20SiteMinder_12_8_Platform%20Support%20Matrix_23Nov2021.pdf

(5)
    SPS upgrade to 12.8 SP03

      At first glance, you can download the AdoptOpenJDK here :

      Prebuilt OpenJDK Binaries for Free!
      https://adoptopenjdk.net/

      - Keep the default selections;

      - Click on "Other Platforms"
      - Click on "Linux glibc version 2.12 or higher x64 JDK - 102 MB .tar.gz";

    https://knowledge.broadcom.com/external/article?articleId=190579