Tech Tip : CA Single Sign-On : Web Agent Option Pack returns 403 when Service Provider has an accented character

Discussion created by Patrick-Dussault Employee on Jun 2, 2017
Latest reply on Jun 2, 2017 by Chris_Hackett

Issue:

 

I run Federation Services from the Web Agent Option Pack, and when I go to
the IDP page to authenticate, I'm refused access with a 403 code, and
the logs show me that the Policy Server doesn't find the Service
Provider, with the following lines:

 

  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [FWSBase.java][doRequestLog][Requesting Host: 10.134.177.249 Requesting Host IP:
   10.134.177.249 Request protocol: HTTP/1.1 Request was secure: false
   Authentication type: null]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SSO.java][doGet][Query String: SPID=%C3%A2me]

 

  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 5, Failed
   to obtain Service Provider data by provider ID. Provider ID: âme]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SAML2Base.java][getServiceProviderInfo][Could not find service provider
   information for sp: âme Message: Failed to obtain Service Provider data by
   provider ID. Provider ID: âme.]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SAML2Base.java][getServiceProviderInfo][Could not find service provider
   information for idp: âme.]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SSO.java][processRequest][Transaction with ID:
   25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9 failed.
   Reason: NO_PROVIDER_INFO_FOUND]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SSO.java][processRequest][No SAML2 provider information found for SP âme.]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [SSO.java][processRequest][Ending SAML2 Single Sign-On Service request
   processing with HTTP error 400]
  [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
   [ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]

 

I have already set Encoding="UTF-8" in the server.xml file of the Application Server.

How can I solve this?


Environment:


Web Agent Option Pack 12.52SP1CR06 on Tomcat 6


Cause:

 

The Service Provider ID contains an accented character ("âme"), which causes the issue.


Resolution:

 

For the Tomcat application server hosting the Web Agent Option Pack,
the Connector elements must be configured to support UTF-8. This is
done by setting URIEncoding="UTF-8".

 

Tomcat :

 

Set the URIEncoding attribute on the <Connector> element in server.xml
to an explicit value (e.g. URIEncoding="UTF-8").

 

https://wiki.apache.org/tomcat/FAQ/CharacterEncoding

 

KB : TEC1925929
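
The following check is an added example, not part of the original tech tip or CA's code: it audits a server.xml for Connector elements without URIEncoding="UTF-8" and decodes the SPID query string from the log under each Connector's effective encoding. It assumes Tomcat 6's documented default of ISO-8859-1 when URIEncoding is absent; the sample server.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Constructed sample server.xml (ports and attributes are illustrative).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" URIEncoding="UTF-8"/>
  </Service>
</Server>"""

# Assumption: Tomcat 6 decodes the request URI as ISO-8859-1
# when a Connector has no URIEncoding attribute.
TOMCAT6_DEFAULT = "ISO-8859-1"


def audit_connectors(server_xml):
    """Return (port, effective_encoding, is_utf8) for every <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        enc = conn.get("URIEncoding", TOMCAT6_DEFAULT)
        is_utf8 = enc.replace("-", "").lower() == "utf8"
        findings.append((conn.get("port"), enc, is_utf8))
    return findings


def decode_spid(query_string, uri_encoding):
    """Decode the SPID parameter as a Connector using that encoding would."""
    return parse_qs(query_string, encoding=uri_encoding)["SPID"][0]


def lookup_matches(query_string, uri_encoding, configured_sp_id):
    """True when the decoded SPID equals the configured Service Provider ID."""
    return decode_spid(query_string, uri_encoding) == configured_sp_id


if __name__ == "__main__":
    query = "SPID=%C3%A2me"      # query string taken from the log above
    configured = "\u00e2me"      # the Service Provider ID "âme"
    for port, enc, is_utf8 in audit_connectors(SAMPLE_SERVER_XML):
        verdict = "OK" if is_utf8 else 'set URIEncoding="UTF-8"'
        found = lookup_matches(query, enc, configured)
        print(f"Connector {port}: {enc} -> SPID={decode_spid(query, enc)!r}, "
              f"matches configured ID: {found} [{verdict}]")
```

Restart Tomcat after editing server.xml so the Connector picks up the new attribute.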
