search cancel

AssertionConsumer Service request processing with HTTP error 403, or ACS_NO_IDP_INFO_FOUND

book

Article ID: 239682

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) SITEMINDER

Issue/Introduction

This environment was working as expected with no changes on the SiteMinder Access Gateway environment.

However, when saml assertion request comes in, the Access Gateway throws error:

"Ending SAML2 AssertionConsumer Service request processing with HTTP error 403".

FWStrace:

------------
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][SAMLTunnelClient.java][getIdentityProviderInfoByID][Tunnel result code: 2.]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][SAMLTunnelClient.java][getIdentityProviderInfoByID][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.l, method getIdentityProviderInfoByID: java.lang.IllegalArgumentException: "Cannot parse bytes to a ProviderDataResponseData"]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][SAML2Base.java][getIdentityProviderInfo][Tunnel client message: null.]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][SAML2Base.java][getIdentityProviderInfo][Could not find identity provider information for idp: http://www..................]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][AssertionConsumer.java][processSAMLResponse][Transaction with ID: 624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc failed. Reason: ACS_NO_IDP_INFO_FOUND]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][AssertionConsumer.java][processSAMLResponse][No SAML identity provider information found for IDP http://www.....................]
[04/11/2022][18:46:38][2812][5252][624671cf-306561cf-d0a52e0d-dffc5f0d-40e8b1fc][AssertionConsumer.java][processSAMLResponse][Ending SAML2 AssertionConsumer Service request processing with HTTP error 403]

Cause

After checking corresponding policy server trace of the same transaction, we will see misconfiguration on JVM library Path.

smps.log

[2452/3776][Tue Apr 12 2022 16:29:37][SmJavaAPI.cpp:1298][ERROR][sm-JavaApi-00670] SmJavaAPI: Unable to get a JVM environment
[2452/3776][Tue Apr 12 2022 16:29:37][CServer.cpp:6692][ERROR][sm-Tunnel-00160] Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to get a JVM environment

smtracedefault.log
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6557][CServer::Tunnel][19a201e8-5c354162-d197d52e-1bb60c61-f349eb2e-b3c][][][][][][][][][][][][][][10.122.167.48][][][][Lib='smjavaapi', Func='JavaTunnelService', Params='com.netegrity.saml2ps.tunnel.SAMLIdPbyIDTunnelService', Server='', Device=''][][Resolved all the input parameters]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6569][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Loading tunnel lib smjavaapi...]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6590][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Resolving tunnel QueryVersion function SmQueryVersion...]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6613][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Init function SmTunnelInit...]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6637][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Resolving tunnel Release function SmTunnelRelease...]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6666][CServer::Tunnel][][][][][][][][][][][][][][][][][][][][][Start of tunnel call SmTunnelInit]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][SmJVMSupport.cpp:254][GetJVMEnv][][][][][][][][][][][][][][][][][][][][][JVM library failed to load. Path = C:\Program Files\Java\jdk1.8.0_321\jre \bin\server\jvm.dll]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][SmJavaAPI.cpp:1298][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-JavaApi-00670] SmJavaAPI: Unable to get a JVM environment]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6684][CServer::Tunnel][][][][][][][][][][][][][0][][][][][][][][Return from tunnel call SmTunnelInit]
[04/12/2022][16:29:37.079][16:29:37][2452][3776][CServer.cpp:6692][][][][][][][][][][][][][][][][][][][][][][LogMessage:ERROR:[sm-Tunnel-00160] Failed to initialize tunnel service library 'smjavaapi'. SmJavaAPI: Unable to get a JVM environment]

Environment

Release : 12.8.03

Component : SITEMINDER SECURE PROXY SERVER

Resolution

The root cause is misconfiguration of JVM library Path (with extra white space) on policy server, which causes error "SmJavaAPI: Unable to get a JVM environment" on the policy server side.

Policy server must have java loaded in order to process saml request.