
Error signing assertion (SAML 2.0)

Question asked by sanjay.bhatt2 on Aug 27, 2015
Latest reply on Aug 31, 2015 by sanjay.bhatt2

Hi There,

We have a Federation partnership (Siteminder r12.0 SP3 with SPS as federation gateway) set up with a Service Provider. The initial flow during SP-initiated SAML authentication is happening correctly, with the IdP able to generate the Assertion. However, while trying to sign the assertion, Siteminder (IdP) is throwing the below error in the trace logs.

 

**************************************************

 

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][AssertionGenerator.java][invoke][][][][][][][][No Plugin callout is configured.]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][AssertionHandlerSAML20.java][postProcess][][][][][][][][Start to wrap-up the SAML2.0 response.]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][AuthnRequestProtocol.java][closeupProcess][][][][][][][][POST signing option: 2]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][ProtocolBase.java][SignOrEncryptAssertion][][][][][][][][Signing the Assertion with ID: _a8242057650ada73a23eefc18c03ec6b7900 ...]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][ProtocolBase.java][SignOrEncryptAssertion][][][][][][][][Can not sign Assertion with ID: _a8242057650ada73a23eefc18c03ec6b7900  Error: Error in DSigSigner - Initializtion failed]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][AuthnRequestProtocol.java][closeupProcess][][][][][][][][Failed to Sign Assertion.]

[08/27/2015][14:57:48][4560][32ccf3d4-06a1bb8c-4d75a099-019f9b5e-894a2deb-3e][AssertionGenerator.java][invoke][][][][][][][][AssertionHandler postProcess() failed. Leaving AssertionGenerator.]

[08/27/2015][14:57:48][4560][][SmJavaAPI.cpp:1229][JavaActiveExpression][][][][][][][][Active Expression evaluated for SmJavaAPI: JavaActiveExpression successfully invoked.  Parameter and result follow

 

****************************************************

 

The same configurations are working fine in the lower environment. However, when we took the configurations to the higher environment, the same is breaking with the above error in the Siteminder trace logs.

We tried checking the smkeydatabase and we are able to list certs, import, export, etc.

Just wondering if anybody has faced a similar issue?

Regards,

Sanjay
