Symantec Access Management

Tech Tip : CA Single Sign-On : CA Single Sign On Siteminder Application Access problem

  • 1.  Tech Tip : CA Single Sign-On : CA Single Sign On Siteminder Application Access problem

    Broadcom Employee
    Posted Aug 23, 2018 08:37 AM

    Issue:

     

    We're running Web Agent Option Pack, when a user request a specific saml
    application, the Web Agent Option Pack reports error 500 to the
    browser :

     

    1. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
    de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Received
    the following response from SAML2 assertion generator:
    SAML2Response=NO.]
    2. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
    de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Transaction
    with ID: 22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f
    failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]
    3. [07/24/2018][14:46:24][7036][3332][22aa9946-027f1620-5008512e-
    de22fb7f-a92e2d9a-5f][SSO.java][processAssertionGeneration][Denying
    request due to "NO" returned from SAML2 assertion generator.]

     

    And in the smtracedefault.log we have

     

    4. [07/24/2018][14:46:24.553][14:46:24][1108][8740][AssertionGenerator.java]
    [invoke][22aa9946-027f1620-5008512e-de22fb7f-a92e2d9a-5f][][][][][][][][]
    [][][][][][][][][][][][Error in getting configuration
    data. Leaving Assertion Generator Framework. Exception:

    java.lang.Exception: The Federation Web Service didn't send the
    request with a correct resource! Internal Exception:

    java.lang.IllegalArgumentException: Input byte array has wrong
    4-byte ending unit

    at java.util.Base64$Decoder.decode0(Base64.java:704)
    at java.util.Base64$Decoder.decode(Base64.java:526)
    at java.util.Base64$Decoder.decode(Base64.java:549)
    at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source)
    at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
    at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
    at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
    at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source)
    at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source)
    at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)

     

    How can we fix this ?

     

    Environment:

     

    Policy Server 12.8

     

    Cause:

     

    There's an issue in the asssertiongenerator java code.

     

    Resolution:

     

    This issue has a fix which will be available in the next CR of Policy Server 12.8

     

    KB : KB000108999