AnsweredAssumed Answered

SP initiated flow 500 error on upgrade to R12.52

Question asked by Kanishak1 on May 10, 2016
Latest reply on May 11, 2016 by Kanishak1

Hi,

 

We upgraded siteminder from R12.50 to R12.52 and SP initiated flows are failing with 500 internal server error , Below is the log that is from policy server:

 

Smtracedefault.log:

 

[05/10/2016][00:10:56.355][00:10:56][16700][3540642672][AuthnRequestProtocol.java][validateDestination][fdcd7431-95bd2235-e40bb7af-0b309673-1de3cc85-6f3][][][][][][][][][][][][][][][][][][][][Desti

nation does not match local URL.

Smps.log:

 

</StatusCode>

        <StatusMessage>Request did not satisfy security requirements!</StatusMessage>

    </Status>

</Response>

 

Affwebserv.log:

 

Reason: FAILED_INVALID_RESPONSE_RETURNED

 

FWSTrace.log:

[SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]

failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]

[ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 500 ]

 

We have proxy URL coming in the logs which is different than the destination URL but exact same case work in R12.50. Also one of the SP integrated application in R12.52 works fine and in that case proxy URL is same as to destination URL.

 

Below are the questions if somebody can help answer ( We have already raised the CA case on it but if somebody has answers or experienced the same issue please help answer to it) - We are using Federation partnership.

 

- In R12.52 if some logic is changed to compare and destination URL has to be same as proxy URL as not working in R12.52 works fine in R12.50.

- Proxy URL in the logs is picked up from which configuration of the partnership.

- Is proxy URL part of the metadata that is imported on SP side.

- What changes should be made to fix it???

- Is this the real cause of the impact that we are seeing?

 

Thanks

Outcomes