In a federation transaction, when SiteMinder as SP consumes an assertion, the transaction fails.
This is the error in the Affwebservices log:
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][Transaction with ID: 37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89 failed. Reason: ACS_NO_IDP_INFO_FOUND]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][No SAML identity provider information found for IDP http://www................]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][Ending SAML2 AssertionConsumer Service request processing with HTTP error 403]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][doPost][
On the Policy Server side, smtracedefault.log shows:
[04/29/2022][10:53:50.473][10:53:50][2148][8144][SignatureProcessor.java][verifyXML][1e2cc0d8-02c592b4-0b1074a2-bd69b3bf-b17ab6fb-244][][][][][][][][][][][][][][][][][][][Signature verification with primary certificate failed with message: Error in DSigVerifier - Exception while creating SMKeyDatabase: Exception occurred during creation of the XMLDocumentOps instance. Exception: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Exception occurred during creation of the XMLDocumentOps instance. Exception: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:85)
at com.netegrity.SAML2Security.DSigVerifier.initialize(Unknown Source)
at com.netegrity.SAML2Security.DSigVerifier.<clinit>(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXMLWithAlias(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)
at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.verifyXML(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.verifySignature(Unknown Source)
at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)
at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)
Caused by: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:222)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.initialize(XMLDocumentOpsImpl.java:148)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:80)
... 9 more
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:218)
... 11 more
Caused by: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService
at java.base/java.lang.ClassLoader.findBootstrapClass(Native Method)
at java.base/java.lang.ClassLoader.findBootstrapClassOrNull(Unknown Source)
at java.base/java.lang.System$2.findBootstrapClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$BootClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)
at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
at org.apache.xml.security.utils.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:229)
at org.apache.xml.security.transforms.Transform.register(Transform.java:196)
at com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl.<init>(XMLSignatureApacheTxmImpl.java:163)
... 16 more
Release : 12.8
Component : SiteMinder Federation(Federation Manager)
OpenJDK 11 does not have the particular binary Java class TransformService.
The error java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService occurs because OpenJDK 11 does not have the particular Java class TransformService.
In OpenJDK 1.8, however, the javax.xml.crypto.dsig.Transform class does exist in ~\jdk1.8.0_202\jre\lib\rt.jar.
For the Windows x64 platform, try downloading OpenJDK8U-jdk_x64_windows_hotspot_8u322b06.msi from https://adoptium.net/temurin/archive.
Switching back to OpenJDK 1.8 resolved this error.
Alternative solution:
Modify JVMOptions.txt so that the default 12.8 SP6 jars, such as jsr105-api-1.0.1.jar, saaj-impl-1.3.28.jar and jakarta.xml.soap-api-1.4.2.jar, are included in the -Xbootclasspath/a entry.
For example:
-Xbootclasspath/a:.............C:/CA/siteminder/bin/thirdparty/jsr105-api-1.0.1.jar;C:/CA/siteminder/bin/thirdparty/saaj-impl-1.3.28.jar;C:/CA/siteminder/bin/thirdparty/jakarta.xml.soap-api-1.4.2.jar................
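To confirm the alternative solution was applied, the following check (an added example, not part of the original article or the product) parses the text of JVMOptions.txt and reports which of the three jars named above are missing from -Xbootclasspath/a. The sample file contents and the function names are constructed for illustration, and the ':' separator handling for UNIX paths is an assumption that goes beyond the Windows case shown in the article.

```python
import re
from pathlib import PureWindowsPath

# Jar names taken from the article's "Alternative solution".
REQUIRED_JARS = (
    "jsr105-api-1.0.1.jar",
    "saaj-impl-1.3.28.jar",
    "jakarta.xml.soap-api-1.4.2.jar",
)
PREFIX = "-Xbootclasspath/a:"

def bootclasspath_entries(jvm_options_text):
    """Return every path appended through -Xbootclasspath/a: lines."""
    entries = []
    for line in jvm_options_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other JVM options and commented-out lines are ignored
        value = line[len(PREFIX):]
        # Windows separates entries with ';'. UNIX uses ':', which must not
        # be confused with the colon of a drive letter such as "C:/".
        windows = ";" in value or re.match(r"^[A-Za-z]:[\\/]", value)
        sep = ";" if windows else ":"
        entries.extend(p.strip() for p in value.split(sep) if p.strip())
    return entries

def missing_jars(jvm_options_text, required=REQUIRED_JARS):
    """List required jars whose file name is absent from the boot class path."""
    # PureWindowsPath accepts both '/' and '\' as directory separators.
    present = {PureWindowsPath(p).name.lower()
               for p in bootclasspath_entries(jvm_options_text)}
    return [jar for jar in required if jar.lower() not in present]

# Constructed sample: JVMOptions.txt content that lacks the JSR 105 API jar.
SAMPLE_BROKEN = (
    "-Xrs\n"
    "-Xbootclasspath/a:C:/CA/siteminder/bin/thirdparty/saaj-impl-1.3.28.jar;"
    "C:/CA/siteminder/bin/thirdparty/jakarta.xml.soap-api-1.4.2.jar\n"
)
# Constructed sample: the same file after adding the missing jar.
SAMPLE_FIXED = SAMPLE_BROKEN.rstrip("\n") + \
    ";C:/CA/siteminder/bin/thirdparty/jsr105-api-1.0.1.jar\n"

if __name__ == "__main__":
    for name, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, "missing:", missing_jars(text) or "none")
```

To check a real installation, pass the contents of the Policy Server's JVMOptions.txt to missing_jars() and restart the Policy Server after any change to the file.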
DE534674