Symantec Access Management

  • 1.  SiteMinder as ServiceProvider

    Posted Aug 17, 2017 01:17 AM

    Dear friends, I am working on a POC setting up a federation partnership where SiteMinder acts as Service Provider and CA API Gateway acts as IDP, implementing the SAML 2.0 HTTP-POST binding.

    I have good experience with SiteMinder as IDP, but this is my first attempt to configure SiteMinder as Service Provider.

    I have started on the SiteMinder side based on bits and pieces of documentation I found. Not sure if this is the correct setup; I would appreciate any insights.

    I have created a LocalSP Entity, RemoteIDP Entity.
    I created SP -> IDP Partnership
    Created SAML 2.0 authentication scheme matching IDP and SP entity IDs created in earlier steps
    Created a domain, realm with SPS agent with SAML 2.0 authentication scheme.

    When I access the protected resource, I get a message: Server Error. The server was unable to process your request.

    No logs on SPS whatsoever.

    Policy Server traces show that auth scheme is loaded but nothing done:

    [08/16/2017][22:20:09][4055243632][][][][][][][][][][][][][][LogMessage:INFO:[sm-Server-02750] Loaded authentication scheme SP SAML authentication. Version 1536 . TransactionMinder(tm) SAML authentication scheme][][][SmAuthServer.cpp:332][7143][22:20:09.351][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][][][][][][][][][][][][][][Entering SmAuthSaml SmAuthQuery. lpszParam data follows:][][][SmAuthSaml.cpp:920][7143][22:20:09.352][SmAuthQuery][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][][][][][][][][][][][][][][Query Parameter: SAML2:@21-0009c36d-fd37-1994-ba54-80740a98f021][][][SmAuthSaml.cpp:924][7143][22:20:09.352][SmAuthQuery][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][][][][][][][][][][][][][][SAML 2.0 auth scheme param found, returning SAML20 in buffer][][][SmAuthSaml.cpp:990][7143][22:20:09.352][SmAuthQuery][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][][][][][][][][][][][][][][Enter function CSm_Az_Message::SendReply][][][Sm_Az_Message.cpp:408][7143][22:20:09.352][CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 150, data size is 39][03-00044584-0855-1995-ba54-80740a98f021][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][30 33 2d 30 30 30 34 34 35 38 34 2d 30 38 35 35 2d 31 39 39 35 2d 62 61 35 34 2d 38 30 37 34 30 61 39 38 66 30 32 31 ][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 204, data size is 39][06-0008f41e-08ab-1995-ba54-80740a98f021][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][30 36 2d 30 30 30 38 66 34 31 65 2d 30 38 61 62 2d 31 39 39 35 2d 62 61 35 34 2d 38 30 37 34 30 61 39 38 66 30 32 31 ][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 203, data size is 13][sps agent test][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][73 70 73 2d 70 6c 64 32 20 74 65 73 74 ][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 219, data size is 4][2048][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][32 30 34 38 ][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 220, data size is 6][** Not Shown **][][Sm_Az_Message.cpp:716][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][** Not Shown **][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 146, data size is 0][][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][Send response attribute 147, data size is 0][][][Sm_Az_Message.cpp:827][7143][22:20:09.352][CSm_Az_Message::FormatAttribute][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][IsProtectedEx][][][][][][][][][][][][]
    [08/16/2017][22:20:09][4055243632][sps agent test][][][][][][][][][][][][sps agent][** Status: Protected. ][][][Sm_Az_Message.cpp:597][7143][22:20:09.352][CSm_Az_Message::ProcessMessage][][][Testing SP on Siteminder][][s27273/r7][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]



  • 2.  Re: SiteMinder as ServiceProvider

    Posted Aug 17, 2017 02:20 AM

    Hello,

     

    I could not find any error in the log extract provided.

    You might have to enable federation traces at the SPS level.

    You can check the following:

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/troubleshooting/partnership-federation-troubleshooting/log-files-that-aid-partnership-federation-troubleshooting

     

    Hope it helps,

    Julien.



  • 3.  Re: SiteMinder as ServiceProvider
    Best Answer

    Posted Aug 17, 2017 09:29 PM

    Hi Anil,

     

    The fact that you are using 'SAML 2.0 authentication scheme' suggests that you are using Legacy Federation. Any reason why you are not using Partnership Federation?

     

    The log snippet above suggests that the resource is protected by the SPS agent and that somewhere around loading the 'SAML 2.0 authentication scheme' it is not working well. A Fiddler trace will give us a better idea of how the request is routed and at which point it stopped. Based on that, we can review the log and trace from the identified component.



  • 4.  Re: SiteMinder as ServiceProvider

    Posted Aug 18, 2017 05:46 PM

    Yes, I have been getting my knowledge from multiple CA documents, which caused me to configure the SAML auth scheme. I have removed it. I am able to get it to work with typical entity ID and Partnership creation with matching values such as IssuerID, audience, etc. with the IDP.

     

    Thanks for your help.
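
    Added example, not part of the thread and not CA/Symantec code: a diagnostic that compares the Issuer, Audience, Destination and Recipient in a captured HTTP-POST SAMLResponse (for instance from the Fiddler trace suggested above) with the values configured on the SP side. The entity IDs, URLs, sample response and the `check_response` helper are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Constructed values; take the real ones from the SP-side partnership settings.
EXPECTED = {
    "issuer": "https://idp.example.test/saml",    # remote IdP entity ID
    "audience": "https://sp.example.test/saml",   # local SP entity ID
    "acs_url": "https://sp.example.test/acs",     # assertion consumer service URL
}
# Constructed, unsigned response; its Audience differs from the SP entity ID by case.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/SAML</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_response(form_value, expected):
    """List mismatches; diagnostic only, no signature or validity-window checks."""
    root = ET.fromstring(base64.b64decode(form_value))
    issuers = {(e.text or "").strip() for e in root.iter(SAML + "Issuer")}
    audiences = {(e.text or "").strip() for e in root.iter(SAML + "Audience")}
    recipients = {e.get("Recipient", "") for e in root.iter(SAML + "SubjectConfirmationData")}
    problems = []
    if issuers != {expected["issuer"]}:
        problems.append(("Issuer", sorted(issuers)))
    if expected["audience"] not in audiences:  # exact, case-sensitive comparison
        problems.append(("Audience", sorted(audiences)))
    if root.get("Destination", "") != expected["acs_url"]:
        problems.append(("Destination", [root.get("Destination", "")]))
    if recipients != {expected["acs_url"]}:
        problems.append(("Recipient", sorted(recipients)))
    return problems


if __name__ == "__main__":
    for field, seen in check_response(SAMPLE_FORM_VALUE, EXPECTED):
        print(f"mismatch in {field}: response carries {seen}")
```

    Run it only against responses captured from your own test partnership; an empty list means the four values line up, not that the assertion is trustworthy.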