In a federation transaction where SiteMinder acts as the SP and consumes an assertion, the following error appears in the Affwebservices log:
[<Transaction ID>][AssertionConsumer.java][processSAMLResponse][Transaction with ID: <Transaction ID> failed. Reason: ACS_NO_IDP_INFO_FOUND]
[<Transaction ID>][AssertionConsumer.java][processSAMLResponse][No SAML identity provider information found for IDP http://www................]
[<Transaction ID>][AssertionConsumer.java][processSAMLResponse][Ending SAML2 AssertionConsumer Service request processing with HTTP error 403]
[][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[<Transaction ID>][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]
[<Transaction ID>][AssertionConsumer.java][doPost][
On the Policy Server side, smtracedefault.log shows:
[SignatureProcessor.java][verifyXML][######][][][][][][][][][][][][][][][][][][][Signature verification with primary certificate failed with message: Error in DSigVerifier - Exception while creating SMKeyDatabase: Exception occurred during creation of the XMLDocumentOps instance. Exception: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Exception occurred during creation of the XMLDocumentOps instance. Exception: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:85)
at com.netegrity.SAML2Security.DSigVerifier.initialize(Unknown Source)
at com.netegrity.SAML2Security.DSigVerifier.<clinit>(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXMLWithAlias(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.verifyXML(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.verifySignature(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)
Caused by: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:222)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.initialize(XMLDocumentOpsImpl.java:148)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:80)
... 9 more
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:218)
... 11 more
Caused by: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService
at java.base/java.lang.ClassLoader.findBootstrapClass(Native Method)
at java.base/java.lang.ClassLoader.findBootstrapClassOrNull(Unknown Source)
at java.base/java.lang.System$2.findBootstrapClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$BootClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)
at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
at org.apache.xml.security.utils.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:229)
at org.apache.xml.security.transforms.Transform.register(Transform.java:196)
at com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl.<init>(XMLSignatureApacheTxmImpl.java:163)
... 16 more
Release : 12.8
Component : SiteMinder Federation(Federation Manager)
The error java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService occurs because OpenJDK 11 does not have the particular binary Java class TransformService.
Try downloading OpenJDK8U-jdk_x64_windows_hotspot_8u322b06.msi from https://adoptium.net/temurin/archive for the Windows x64 platform.
Unlike OpenJDK 11, OpenJDK 1.8 does have the javax.xml.crypto.dsig.Transform class, in ~\jdk1.8.0_202\jre\lib\rt.jar.
Switching back to OpenJDK 1.8 resolved this error.
Alternative solution:
Modify JVMOptions.txt so that the default 12.8 SP6 jars, such as jsr105-api-1.0.1.jar, saaj-impl-1.3.28.jar and jakarta.xml.soap-api-1.4.2.jar, are included in the -Xbootclasspath/a option.
For example:
-Xbootclasspath/a:.............C:/CA/siteminder/bin/thirdparty/jsr105-api-1.0.1.jar;C:/CA/siteminder/bin/thirdparty/saaj-impl-1.3.28.jar;C:/CA/siteminder/bin/thirdparty/jakarta.xml.soap-api-1.4.2.jar................
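To confirm the alternative solution is in place before restarting the Policy Server, the following added example (not part of the original article or of SiteMinder) checks a JVMOptions.txt for the three jars named above. The sample option lines, example-other.jar and the helper names are constructed for illustration; the jar list is the one the article gives for 12.8 SP6.

```python
import re
import sys
from pathlib import Path

# Jar names the article lists for 12.8 SP6; other releases may ship other versions.
REQUIRED_JARS = (
    "jsr105-api-1.0.1.jar",
    "saaj-impl-1.3.28.jar",
    "jakarta.xml.soap-api-1.4.2.jar",
)
BOOTCP = re.compile(r"^\s*-Xbootclasspath/a:(.*)$")

# Constructed samples (not from a real install); example-other.jar is a made-up entry.
TP = "C:/CA/siteminder/bin/thirdparty/"
SAMPLE_OK = (
    "-Xrs\n"
    "-Xbootclasspath/a:" + TP + "example-other.jar;" + TP + "jsr105-api-1.0.1.jar;"
    + TP + "saaj-impl-1.3.28.jar;" + TP + "jakarta.xml.soap-api-1.4.2.jar\n"
)
SAMPLE_BAD = "-Xbootclasspath/a:" + TP + "example-other.jar;" + TP + "saaj-impl-1.3.28.jar\n"


def bootclasspath_jars(options_text):
    """Return the lower-cased file names found on every -Xbootclasspath/a: line."""
    names = set()
    for line in options_text.splitlines():
        match = BOOTCP.match(line)
        if not match:
            continue
        # Split on ';' (Windows) and ':' (Unix). A drive-letter colon also splits,
        # which is harmless because only the final path component is kept.
        for entry in re.split(r"[;:]", match.group(1)):
            name = re.split(r"[\\/]", entry.strip())[-1]
            if name:
                names.add(name.lower())
    return names


def missing_jars(options_text, required=REQUIRED_JARS):
    """List the required jars that no -Xbootclasspath/a: entry names."""
    present = bootclasspath_jars(options_text)
    return [jar for jar in required if jar.lower() not in present]


if __name__ == "__main__":
    # Pass the path to JVMOptions.txt; without one the constructed bad sample is checked.
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_BAD
    gaps = missing_jars(text)
    print("missing from -Xbootclasspath/a:", ", ".join(gaps) if gaps else "none")
    sys.exit(1 if gaps else 0)
```

The check only compares file names on the option line; it does not verify that the jars exist on disk at the listed paths.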