ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Error : Error Signing Assertion and 403 Forbidden in SAML Applications
Article ID: 7886
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
SITEMINDER
Issue/Introduction
When trying to access the SAML application URLs for an IDP initiated
transaction. The error displayed on the browser is a 403 Forbidden
error and the Policy Server reports :
[31839/3992509296][Tue Jul 25 2017
13:03:16][AssertionGenerator.java][ERROR][sm-FedServer-00130]
postProcess() returns fatal error. <Response
ID="_9068337c7b67a02d32f299d8358f112a23dc"
IssueInstant="2017-07-25T13:03:16Z" Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<ns1:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">http://www.abc.com/wps/portal</ns1:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
<StatusMessage>Error Signing Assertion.</StatusMessage>
</Status>
</Response>
Cause
The keys that were used to sign the assertion were corrupted.
Environment
Policy Server 12.8.x on RedHat 6 64 bit;
Web Agent 12.52.x on RedHat 6 64 bit;
Web Agent Option Pack 12.52.x on RedHat 6 64 bit;
Resolution
Importing new functional private keys into CDS (Certificate Data
Store) resolved the issue (1).
Additional Information
(1)
Import Trusted Certificates and Key Certificate Pairs
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/key-and-certificate-management/import-trusted-certificates-and-key-certificate-pairs.html
Feedback
Yes
No
Powered by
