Symantec Access Management

  • 1.  Siteminder as Service Provider:ACS_NO_REQ_CONTEXT_GET

    Posted Nov 21, 2018 10:17 PM

    Hi All,

     

    We configured Siteminder as Service provider and getting below error on IDP initiated flow, we cannot allow SP initiated flow in this case. Can someone please suggest what might be going wrong here.

     

    I have setup done for User Identification and we are getting LOGINID in SAML from IDP. Please note this is SAML2.0 but I am not sure why we are getting logs for SAML Artifcates

    Identity Attribute Source:Use Name ID
    Allow IDP to create user identifier:No
    Query parameter overrides identifier:No
    Plug-in Class:
    Plug-in Parameters:

    Map Identity Attribute to User Directories

     

    ODBC Search Specification: LOGINID=%s

    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][doGet][SAML2 Assertion Consumer Service received GET request.]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][FWSBase.java][doRequestLog][Requesting Host: 10.117.39.33 Requesting Host IP: 10.117.39.33 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Requesting data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Administration Manager is returning data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][createGetRequestContext][QueryString: null]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][createGetRequestContext][SAMLart: null]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][createGetRequestContext][No SAMLart parameters found.]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][doGet][Ending SAML2 AssertionConsumer Service request processing with HTTP error 400]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][AssertionConsumer.java][doGet][Transaction with ID: 23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6 failed. Reason: ACS_NO_REQ_CONTEXT_GET]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Requesting data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Administration Manager is returning data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Requesting data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][][agentcommon][][Administration Manager is returning data for ConfigManager ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\SmHost.conf and SmAgentConfig ID C:\Program Files (x86)\CA\secure-proxy\proxy-engine\conf\defaultagent\WebAgent.conf]
    [11/21/2018][19:27:23][1976][3596][23672a6d-4c8f17d0-b0646fca-87ed04c4-ec94b159-5b6][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 400 ]



  • 2.  Re: Siteminder as Service Provider:ACS_NO_REQ_CONTEXT_GET

    Broadcom Employee
    Posted Dec 07, 2018 02:01 PM

    The SAML 2 Assertion Consumer Service is receiving a GET request with no query parameters.  This is why the system is assuming SAML Artifact rather than POST.  Chances are you have configured the SP to receive assertions via POST, in which case you need to get the IDP to instruct the browser to POST the assertion data to this URL.

     

    -Pete