SamlValidator (Pass 1)Caught unknown exception or error

book

Article ID: 211030

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

 

When running a Policy Server for Federation Journeys, when this one
processes a SAML request, one might see this one returning an error
about attribute type value :

  Error caught JNI Exception: SamlValidator (Pass 1): Caught unknown
  exception or error: java.lang.RuntimeException: Unknown type for
  attribute value - Stacktrace: java.lang.RuntimeException: Unknown
  type for attribute value

   at com.netegrity.SAML2.util.SAML2Utils.getAttributeMV(Unknown Source)
   at com.netegrity.SAML2.util.SAML2Utils.retrieveAttributeData(Unknown Source)
   at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
   at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

 

Cause

 

The Policy Server receives the SAMLResponse with all attributes as
"string" type, and just one as "date" type :

affwebserv.log :

  [9576/8792][Fri Mar 05 2021
  19:40:31.703][AssertionConsumer.java][ERROR][sm-FedClient-02890]
  Transaction with ID: 2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52
  failed. Reason: ACS_FAILED_PROCESS_FAILURE (, , )

FWSTrace.log :

  [03/05/2021][19:40:31][9576][8792][2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52]
  [AssertionConsumer.java][doPost]
  [Obtained response message from post data for http post binding 
  [CHECKPOINT = SSOSAML2_READRESPONSEPOSTDATA_RSP]]

  [03/05/2021][19:40:31][9576][8792][2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52]
  [AssertionConsumer.java][processSAMLResponse][Credentials: <UserCredentials>
  <?xml version="1.0" encoding="UTF-8"?>

  <saml2p:Response Destination="https://federation.mydomain.com/affwebservices/public/saml2assertionconsumer" 

   [...]

      <saml2:Attribute FriendlyName="Province" Name="countyOfBirth">
 <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
   myProvince
      <saml2:Attribute FriendlyName="Birthday" Name="dateOfBirth">
 <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:date">
   1969-11-20
      <saml2:Attribute FriendlyName="Gender" Name="gender">
 <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
   M

    [...]

  [03/05/2021][19:40:31][9576][8792][2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52]
  [AssertionConsumer.java][redirectLoginFailure]
  [Ending SAML2 AssertionConsumer Service request processing with HTTP error 500]

  [03/05/2021][19:40:31][9576][8792][2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52]
  [AssertionConsumer.java][redirectLoginFailure]
  [Transaction with ID: 2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52 failed. 
  Reason: ACS_FAILED_PROCESS_FAILURE]

smtracedefault.log :

  [Receive request attribute 221, data size is 47][SmMessage.cpp:566][3372][4792][03/05/2021]
  [19:40:31][19:40:31.515][CSmMessage::ParseAgentMessage][][][][][][][][][][][s331860/r7]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52][][][][][][][][][][][][][]

  [Signature verification is successful with primary certificate][SignatureProcessor.java]
  [3372][4792][03/05/2021][19:40:31][19:40:31.672][verifyXML][][][][][][][][][][]
  [2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [Obtaining attributes from Assertion][Saml2Validator.java][3372][4792][03/05/2021]
  [19:40:31][19:40:31.687][smAuthenticate][][][][][][][][][][]
  [2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [SamlValidator (Pass 1)Caught unknown exception or error: java.lang.RuntimeException:  
  Unknown type for attribute value - Stacktrace: java.lang.RuntimeException:  
  Unknown type for attribute value
   at com.netegrity.SAML2.util.SAML2Utils.getAttributeMV(Unknown Source)
   at com.netegrity.SAML2.util.SAML2Utils.retrieveAttributeData(Unknown Source)
   at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
   at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

  ][SamlValidator.java][3372][4792][03/05/2021][19:40:31][19:40:31.687][smAuthenticate]
  [][][][][][][][][][][2d153f9c-79400222-42be6edf-9c864be3-7b9b21e1-52][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

  [LogMessage:ERROR:[sm-FedServer-00520] Error caught JNI Exception: SamlValidator (Pass 1): 
  Caught unknown exception or error: java.lang.RuntimeException:  
  Unknown type for attribute value - Stacktrace: java.lang.RuntimeException:  
  Unknown type for attribute value

   at com.netegrity.SAML2.util.SAML2Utils.getAttributeMV(Unknown Source)
   at com.netegrity.SAML2.util.SAML2Utils.retrieveAttributeData(Unknown Source)
   at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
   at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

  .][SmAuthSamlJNI.cpp:532][3372][4792][03/05/2021][19:40:31][19:40:31.687][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][]

  [LogMessage:ERROR:[sm-FedServer-00530] JNI Exception caught: if message included it is above.]
  [SmAuthSamlJNI.cpp:535][3372][4792][03/05/2021][19:40:31][19:40:31.687][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][]

smps.log :

  [3372/4792][Fri Mar 05 2021
  19:40:31.687][SmAuthSamlJNI.cpp:532][ERROR][sm-FedServer-00520]
  Error caught JNI Exception: SamlValidator (Pass 1): Caught unknown
  exception or error: java.lang.RuntimeException: Unknown type for
  attribute value - Stacktrace: java.lang.RuntimeException: Unknown
  type for attribute value

   at com.netegrity.SAML2.util.SAML2Utils.getAttributeMV(Unknown Source)
   at com.netegrity.SAML2.util.SAML2Utils.retrieveAttributeData(Unknown Source)
   at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
   at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

 

Environment

 

  Policy Server 12.8SP5 on Windows 2016;

 

Resolution

 

Upgrade Policy Server 12.8SP6 to get that issue fixed and make the
Policy Server to accept data type of date.