search cancel

Policy server error: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService

book

Article ID: 241214

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

In a federation transaction, When SiteMinder as SP consumes an assertion.

This is error in the Affwebservices log

[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][Transaction with ID: 37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89 failed. Reason: ACS_NO_IDP_INFO_FOUND]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][No SAML identity provider information found for IDP http://www................]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][processSAMLResponse][Ending SAML2 AssertionConsumer Service request processing with HTTP error 403]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Requesting data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][][agentcommon][][Administration Manager is returning data for ConfigManager ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID E:\Program Files\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]
[04/26/2022][19:20:59][8380][6536][37242bb0-99ad0c4a-05a03da2-b09a3a50-47ccdc8e-89][AssertionConsumer.java][doPost][

On the policy server side:

smtracedefault.log

[04/29/2022][10:53:50.473][10:53:50][2148][8144][SignatureProcessor.java][verifyXML][1e2cc0d8-02c592b4-0b1074a2-bd69b3bf-b17ab6fb-244][][][][][][][][][][][][][][][][][][][Signature verification with primary certificate failed with message: Error in DSigVerifier - Exception while creating SMKeyDatabase: Exception occurred during creation of the XMLDocumentOps instance.  Exception:  Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException
com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Exception occurred during creation of the XMLDocumentOps instance.  Exception:  Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException

    at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:85)

    at com.netegrity.SAML2Security.DSigVerifier.initialize(Unknown Source)

    at com.netegrity.SAML2Security.DSigVerifier.<clinit>(Unknown Source)

    at com.netegrity.SAML2Security.SignatureProcessor.verifyXMLWithAlias(Unknown Source)

    at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)

    at com.netegrity.SAML2Security.SignatureProcessor.verifyXML(Unknown Source)

    at com.netegrity.ps.auth.saml.Saml2Validator.verifyXML(Unknown Source)

    at com.netegrity.ps.auth.saml.Saml2Validator.verifySignature(Unknown Source)

    at com.netegrity.ps.auth.saml.Saml2Validator.smAuthenticate(Unknown Source)

    at com.netegrity.ps.auth.saml.SamlValidator.smAuthenticate(Unknown Source)

Caused by: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Caught exception while instantiating signature provider: 'txm': com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl: java.lang.reflect.InvocationTargetException

    at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:222)

    at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.initialize(XMLDocumentOpsImpl.java:148)

    at com.netegrity.smkeydatabase.api.XMLDocumentOpsFactory.getXMLDocumentOpsInstance(XMLDocumentOpsFactory.java:80)

    ... 9 more

Caused by: java.lang.reflect.InvocationTargetException

    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

    at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)

    at com.netegrity.smkeydatabase.api.XMLDocumentOpsImpl.getInstanceOfXMLSignatureImpl(XMLDocumentOpsImpl.java:218)

    ... 11 more

Caused by: java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService

    at java.base/java.lang.ClassLoader.findBootstrapClass(Native Method)

    at java.base/java.lang.ClassLoader.findBootstrapClassOrNull(Unknown Source)

    at java.base/java.lang.System$2.findBootstrapClassOrNull(Unknown Source)

    at java.base/jdk.internal.loader.ClassLoaders$BootClassLoader.loadClassOrNull(Unknown Source)

    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)

    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)

    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(Unknown Source)

    at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)

    at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)

    at java.base/java.lang.ClassLoader.loadClass(Unknown Source)

    at org.apache.xml.security.utils.ClassLoaderUtils.loadClass(ClassLoaderUtils.java:229)

    at org.apache.xml.security.transforms.Transform.register(Transform.java:196)

    at com.netegrity.smkeydatabase.api.XMLSignatureApacheTxmImpl.<init>(XMLSignatureApacheTxmImpl.java:163)

    ... 16 more

Cause

OPENJDK 11 does not have the particular binary java class TransformService.

Environment

Release : 12.8

Component : SiteMinder Federation(Federation Manager)

Resolution

Error java.lang.NoClassDefFoundError: javax/xml/crypto/dsig/TransformService is because OPENJDK 11 does not have the particular java class TransformService.

Try and download OpenJDK8U-jdk_x64_windows_hotspot_8u322b06.msi from https://adoptium.net/temurin/archive for Windows x64 platform.

However, OpenJDK 1.8  javax.xml.crypto.dsig.Transform class does exist in ~\jdk1.8.0_202\jre\lib\rt.jar

Switching back to OpenJDK 1.8 resolved this error.

Alternative solution:

Modify JVMOptions.txt, ensure default 12.8 SP6 jars like jsr105-api-1.0.1.jar, saaj-impl-1.3.28.jar, jakarta.xml.soap-api-1.4.2.jar are included in Xbootclasspath.

For example:

-Xbootclasspath/a:.............C:/CA/siteminder/bin/thirdparty/jsr105-api-1.0.1.jar;C:/CA/siteminder/bin/thirdparty/saaj-impl-1.3.28.jar;C:/CA/siteminder/bin/thirdparty/jakarta.xml.soap-api-1.4.2.jar................

Additional Information

DE534674