
Primary certificate serial number or issuer dn is empty or null

Question asked by NarGarg on Dec 5, 2017
Latest reply on Dec 8, 2017 by NarGarg

I have installed a new Policy Server R12.7 SP01 on a RHEL 7.x server. I have already created a session store and am using SPS for Federation. The application is working well with IDP initiate, but I need to test SP-POST initiate. I am getting an HTTP 500 error message from the IDP side and am unable to generate an assertion. The following error messages appear in the SMPS.log and smtrace.log files. I am using Salesforce for the SP side.

[12/05/2017][11:54:53.116][11:54:53][25615][139941929522944][SignatureProcessor.java][verifyXML][28454859-44ab3909-aabfeda8-ab22f51b-fbb01f51-2a][][][][][][][][][][][][][][][][][][][][Primary certificate serial number or issuer dn is empty or null][][]

 

[25615/139941929522944][Tue Dec 05 2017 11:54:53][AssertionGenerator.java][ERROR][sm-FedServer-00080] preProcess() returns fatal error. <Response ID="_56e275566d07400b09772d21650e7a754fd1" InResponseTo="_2CAAAAWC4AtloME8wZTAwMDAwMDAwMDAxAAAA0r-xvK-oddNq3AcHCggGhkIzm9CZYnCpUa7WBc3VSj6cf8Zj-kDzVrEuzJOLOmD8LMdgVK4uqubqpQHbaG63KlwPe1wXK9KvrIkhNyY9K6ZOiUUemG1yRlHQNLKRUNGRj2StdjtLx4qOVKyufGGE-4BWJxr3N5ufCKadhMLrS78j9b6nnrz3ZA-T5bYl-8TZmoe-lFrE1azsgAT5vSg3D0scC6QkaDXLzO-yTzkA8vqjKZFLRQA2jvkyKf7PpKgrng" IssueInstant="2017-12-05T17:54:53Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">xxxx.***.net</ns1:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
<StatusMessage>Configuration error.</StatusMessage>
</Status>
</Response>
