Issue:
Federation transactions are failing with 403 forbidden error in browser.
Below are the errors at FWS and Policy server:
FWSTrace logs:
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: example.com/ Message: .]
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for idp: example.com/.]
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SSO.java][processRequest][Transaction with ID: c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d failed. Reason: NO_PROVIDER_INFO_FOUND]
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SSO.java][processRequest][No SAML2 provider information found for SP example.com/.]
[06/13/2016][04:51:37][4256][4400][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]
smtrace logs:
[06/13/2016][07:51:37.160][07:51:37][19196][2990357392][TunnelUtils][addProviderPasswords][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][][][][][][][][][][][][][][][][][][][][Found passwords for oid: 21-000148b4-5cd5-xdas555w-30700a604037]
[06/13/2016][07:51:37.161][07:51:37][19196][2990357392][TunnelUtils][addProviderPasswords][c6c769f3-652e5455-1002dd3e-82d0f630-41ffa033-d][][][][][][][][][][][][][][][][][][][][Exception while attempting to retrieve passwords:
java.lang.NoClassDefFoundError: Could not initialize class javax.crypto.JceSecurity
at javax.crypto.Cipher.getInstance(Cipher.java:643)
at com.ca.siteminder.sdk.agentapi.crypto.SmCryptoProvider.getBlockSize(SmCryptoProvider.java:1203)
at com.ca.siteminder.sdk.agentapi.crypto.SmRC2SHA1CryptoProvider.<init>(SmRC2SHA1CryptoProvider.java:72)
at com.ca.siteminder.sdk.agentapi.crypto.SmCryptoProvider.getInstance(SmCryptoProvider.java:203)
at com.ca.siteminder.sdk.agentapi.crypto.SmServerCrypto.decryptInternal(SmServerCrypto.java:135)
at com.ca.siteminder.sdk.agentapi.crypto.SmServerCrypto.decrypt(SmServerCrypto.java:123)
at com.netegrity.federationps.tunnel.TunnelUtils.addPasswordsToMap(TunnelUtils.java:223)
at com.netegrity.federationps.tunnel.TunnelUtils.addProviderPasswords(TunnelUtils.java:150)
at com.netegrity.saml2ps.tunnel.SAMLSPbyIDTunnelService.tunnel(SAMLSPbyIDTunnelService.java:135)
at com.netegrity.policyserver.smapi.TunnelServiceContext.tunnel(TunnelServiceContext.java:275)
Release:
Component: SMFED
Applicable for all environments
The Policy Server encrypts provider passwords, and decrypting them requires an up-to-date JCE in the Policy Server's JRE. The RSA libraries used for this encryption also require the latest JCE patches to support the needed key sizes and algorithms.
Visit www.oracle.com to download the latest Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and install them in the JRE used by the Policy Server.
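The following diagnostic is an added example, not CA's code: run it with the same JRE the Policy Server uses, before and after installing the policy files, to reproduce the `javax.crypto.JceSecurity` failure outside the Policy Server and confirm the fix. The class name and the cipher transformations chosen (the trace does not show which transformation SmRC2SHA1CryptoProvider requests) are assumptions.

```java
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;

// Hypothetical diagnostic (not part of the product). Compile and run it with the
// Policy Server's JRE: java JcePolicyCheck
public class JcePolicyCheck {

    // Returns true only if the JCE framework initialises and the active
    // jurisdiction policy places no limit on key length for the algorithm.
    static boolean isUnlimited(String algorithm) {
        try {
            int max = Cipher.getMaxAllowedKeyLength(algorithm);
            System.out.println(algorithm + ": max allowed key length = " + max);
            return max == Integer.MAX_VALUE;
        } catch (NoSuchAlgorithmException e) {
            System.out.println(algorithm + ": no installed provider supports it");
            return false;
        } catch (NoClassDefFoundError | ExceptionInInitializerError e) {
            // Same failure mode as "Could not initialize class javax.crypto.JceSecurity"
            // in the smtrace output: policy files missing, unreadable or mismatched.
            System.out.println("JCE framework failed to initialise: " + e);
            return false;
        }
    }

    // Exercises the call the stack trace fails in (Cipher.getInstance) so a
    // broken installation shows the same error here.
    static boolean canInstantiate(String transformation) {
        try {
            Cipher.getInstance(transformation);
            System.out.println(transformation + ": Cipher.getInstance OK");
            return true;
        } catch (Exception | NoClassDefFoundError e) {
            System.out.println(transformation + ": " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        boolean ok = canInstantiate("RC2/CBC/PKCS5Padding")
                && canInstantiate("AES/CBC/PKCS5Padding")
                && isUnlimited("AES")
                && isUnlimited("RC2");
        System.out.println(ok ? "JCE policy: unlimited strength installed"
                              : "JCE policy: limited or broken; install the policy files");
        System.exit(ok ? 0 : 1);
    }
}
```

A non-zero exit on the Policy Server host, together with the printed error, points at the JRE that actually needs the policy files when several Java installations are present.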