Skip navigation
All People > SungHoon_Kim > Sung Hoon Kim's Blog > 2016 > May > 11

Policy Server is responsible in generating assertion and the user must be authorized in the partnership or affiliate properties setting to do so.


When using "<PS>/config/profiler_template/samlidp_trace.template" for smtracedefault.log, the following message helped to get close to the root cause.


[AssertionHandler preProcess() failed. Leaving AssertionGenerator.]


Once you have located this message, just look for a few lines above it and there should be the information to determine the cause.


For example,

Sample1: [Web SSO HTTP Post binding is disabled in the SP configuration.]

Sample2: exceptions


In the above Sample1, Both HTTP-Artifact and HTTP-POST method were not allowed so even when the Policy Server had collected the information to generate assertion, it has declined to generate one.

Solution was to enable HTTP-POST method to post the assertion to SP.


In the Sample2, look out for exceptions and there could be many different reasons but one of them could be an expired certificate for the signing key.