ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Can not do an SP initiated transaction by using cert that contains non ASCII chars.


Article ID: 7957


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


When doing an SP initiated transaction with  the Authnrequest signed by a third party.

It works fine if the third party cert is using a standard cert but it is failing using cert that contains non ASCI chars in the IssuerDN

From the SP logs/traces generated : 



[07/12/2016][09:38:22][4484][1176][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][processSAMLResponse][authenticateUser failed: 1] 


[07/12/2016][09:38:22][4484][1176][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][redirectLoginFailure][Redirect Mode="0" URL="null"] 

[07/12/2016][09:38:22][4484][1176][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][redirectLoginFailure][Ending SAML2 AssertionConsumer Service request processing with HTTP error 500] 

[07/12/2016][09:38:22][4484][1176][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][redirectLoginFailure][Transaction with ID: 156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7 failed. Reason: ACS_FAILED_PROCESS_FAILURE] 



smtraces (PS) 

[2108][3112][07/12/2016][15:08:22][15:08:22.752][Getting Assertion by ID: _f571d44e26039fb37b2efb38c609a1e4fb1e][][checkAssertion][][][][][][][][][][][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 

[2108][3112][07/12/2016][15:08:22][15:08:22.759][Could not get certificate from trusted key database (IssuerName: CN="Toto titi/[email protected]", O=MyNetwork AB, L=Trollhättan, ST=Västra Götalands Län, C=SE Serial Number: a123456) ][][verifyXML][][][][][][][][][][][156f0175-de2507da-4910b6ef-162b08cf-3b12ec13-f7][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 

[2108][3112][07/12/2016][15:08:22][15:08:22.760][Exception while verifying signature: 

This issue can also occur when signing an assertion with certs containing non ASCII chars


IDP SiteMinder : on Windows 2008 R2 Custom SP


This issue is fixed in R12.52 SP1 CR06:


Encrypting the assertion throws an error on the IDP side when cert contains non-ASCI characters in the IssuerDN.

00370648 - DE197591

00449759 - DE187115

00413584 - DE172081

00380676 - DE163488

00337693 - DE156901

00328269 - DE144249

00444984 - DE186346