We are following the Office 365 integration runbook, with SiteMinder as the IdP.
Runbook:
https://support.ca.com/phpdocs/1/8231/runbooks/CASM-MSOffice365FederationRunbook-ver1.0.pdf
When accessing Office 365, we get redirected to the WS-Federation SSO service on SPS. After a successful authentication, an exception is thrown by the Tomcat application server on SPS. The error reported in FWSTrace.log is:
[SSO.java][processAssertionGeneration][Denying request due to "NO" returned from WSFED assertion generator.]
The associated error in the Policy Server traces is:
[Error happens in running Assertionhandler process(). Leaving Assertion Generator Framework.
Exception:
com.netegrity.assertiongenerator.AssertionGeneratorException: Error generating response. Exception:
com.ca.siteminder.ws.WSWrapperException: Error converting assertion to DOM.
….
Caused by: org.xml.sax.SAXException: fatalErrorXML Parsing Error: Line:10
Column:143 An invalid XML character (Unicode: 0x3) was found in the element
content of the document.
Solution:
The problem is caused by the mapping between the ImmutableID and the objectGUID. SiteMinder is not able to read a binary attribute, so the conversion should be done at the directory level and not on the fly at the Policy Server level. See the runbook, page 8 - Manual Synchronization Example.
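The failure and the fix described above, as an added example (not code from the runbook or from the product): raw objectGUID bytes copied into an assertion contain characters that XML 1.0 forbids, while a text form produced ahead of time parses cleanly. The sample GUID bytes, the `AttributeValue` element name and the choice of base64 as the text form of the ImmutableID are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: 16 raw objectGUID bytes as a directory would store them.
# The second byte is 0x03, the character named in the SAXException above.
SAMPLE_OBJECTGUID = bytes.fromhex("4a03c19e7b2d5f4e8a1103d2f6a7b8c9")


def xml_illegal_chars(text):
    """Return the code points in text that XML 1.0 forbids in element content."""
    def legal(cp):
        return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
                or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)
    return [ord(ch) for ch in text if not legal(ord(ch))]


def immutable_id_from_guid(raw):
    """Encode the 16 raw GUID bytes as base64 text (assumed ImmutableID form)."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return base64.b64encode(raw).decode("ascii")


def parses_as_attribute_value(value):
    """Put value inside a hypothetical assertion element and try to parse it."""
    doc = "<AttributeValue>" + value + "</AttributeValue>"
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    # Binary attribute passed through byte-for-byte, as happens when the
    # value is read on the fly instead of being converted in the directory.
    raw_as_text = SAMPLE_OBJECTGUID.decode("latin-1")
    print("illegal code points:", [hex(c) for c in xml_illegal_chars(raw_as_text)])
    print("raw value parses:", parses_as_attribute_value(raw_as_text))

    # Value converted once and stored as a string attribute in the directory.
    encoded = immutable_id_from_guid(SAMPLE_OBJECTGUID)
    print("converted value:", encoded)
    print("converted value parses:", parses_as_attribute_value(encoded))
```

Storing the converted string in a plain text attribute and mapping the ImmutableID to that attribute keeps binary data out of the assertion entirely.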