CA SSO : WAOP : Error Parsing SAML Assertion at SP.

book

Article ID: 5456

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Customer is using siteminder as SP and using SP initiated SAML 2.0 transaction. Partnership federation being used for the configuration.

While running the SP Initiated transaction, IDP was able to send the SAML response successfully to SP but Siteminder was giving below error while parsing the SAMLResponse:

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Could not parse SAMLresponse. Error message: null]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Ending SAML2AssertionConsumer Service request processing with HTTP error 400]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Transaction with ID:13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39 failed. Reason:ACS_BAD_SAMLRESPONSE_XML]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 400]

Cause

This is a defect, it was identified when SAML SSO between R6 FSS and R12.5 CR02 failing with "Could not parse SAML response. Error message: null" as well as "ACS_BAD_SAMLRESPONSE_XML". 

Environment

SiteMinder Policy Server R12.51Federation Security Services Option Pack R12.51

Resolution

This is fixed in r12.52.

Kindly upgrade to CA SSO r12.52 to fix the issue. 

Additional Information

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52#DefectsFixedin12.52-SAMLSSOFailure