Error: Denying request due to "NO" from SAML2 assertion generator
search cancel

Error: Denying request due to "NO" from SAML2 assertion generator


Article ID: 250099


Updated On:


SITEMINDER CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder)


The new SAML Partnership fails with a 500 error in the browser.

Checking the FWSTrace.log shows the following messages:

[09/05/2022][19:37:31][6392][139941262227200][][][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]

[09/05/2022][19:37:31][6392][139941262227200][][][processAssertionGeneration][Transaction with ID: <value> failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]

[09/05/2022][19:37:31][6392][139941262227200][][][processAssertionGeneration][Denying request due to "NO" returned from SAML2 assertion generator.]

[09/05/2022][19:37:31][6392][139941262227200][][][redirectToErrorPage][Sending HTTP Error 500 ]

The Assertion Generation occurs on the Policy Server. Reviewing the smps.log shows the following messages:    

[97320/139896865937152][Mon Sep 05 2022 16:37:31][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[97320/139896865937152][Mon Sep 05 2022 16:37:31][IsAuthorized.cpp:68][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.<value>

[97320/139896865937152][Mon Sep 05 2022 16:37:31][][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.

[97320/139896840759040][Mon Sep 05 2022 16:37:31][Scanner.h:86][yyerror][ERROR][sm-xpsxps-06180] Unrecognized character: "Syntax error"

The issue is that SLO is configured but the information can't be saved.



The error code 2 from the SmSessionServer.cpp indicates a store failure to save session info. The further discussion confirmed that Persistent Sessions were not enabled.

The documentation shows features that require a Session Store (1).



Since the Persistent Sessions are enabled and the Session Store is configured, the SAML transactions are successful.


Additional Information


  1. Federation Features Requiring the Session Store