Symantec Access Management


SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

  • 1.  SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Aug 28, 2014 08:55 AM

    Greetings!

     

    Does anyone have any experience with configuring SimpleSAML as an SP?  I followed their official guide to set up the SP side and created a federation partnership. After I provided the credentials, I saw errors in my web browser:

     

    HTTP Status 403 - Request Forbidden. Transaction ID: 5c63e51c-7159aa75-18f73133-e19133e7-597957a9-db3 failed.


    type Status report

    message Request Forbidden. Transaction ID: 5c63e51c-7159aa75-18f73133-e19133e7-597957a9-db3 failed.

    description Access to the specified resource has been forbidden.



    The affwebservice log simply shows the following:

     

    [27472/35523440][Thu Aug 28 2014 11:37:28][SSO.java][INFO][sm-FedClient-01530] SAML2 Single Sign-On Service Initialization.

    [27472/35523440][Thu Aug 28 2014 11:37:28][SSO.java][INFO][sm-FedClient-01520] SAML2 Single Sign-On Service has been successfully initialized.

    [27472/35523440][Thu Aug 28 2014 11:37:30][SSO.java][ERROR][sm-FedClient-02890] Transaction with ID: 5c63e51c-7159aa75-18f73133-e19133e7-597957a9-db3 failed. Reason: NO_PROVIDER_INFO_FOUND (, , )

    [27472/35523440][Thu Aug 28 2014 11:37:30][SSO.java][ERROR][sm-FedClient-02440] No SAML2 provider information found for SP simplesamlsp.

     

    Any advice is much appreciated!



  • 2.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Aug 28, 2014 01:00 PM

    As with anything, logs are the key. Capture the right information and you'll get the root.

    In this case I would enable FWStrace and just toss in everything. It might be noisy but will tell you a lot of good information.



  • 3.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Aug 28, 2014 10:52 PM

    Thanks! How can I enable FWTrace? I'm using SPS; is it to be done in the Agent Configuration Object?



  • 4.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Aug 28, 2014 11:15 PM

    Thanks and the log can be enabled at:

     

    /opt/netegrity/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/classes/LoggerConfig.properties

     

    The FWTrace is telling me almost the same message:

     

    [08/29/2014][02:41:48][48539][54025072][dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]

    [08/29/2014][02:41:48][48539][54025072][dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: rm2 Message: .]

    [08/29/2014][02:41:48][48539][54025072][dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for idp: rm2.]

    [08/29/2014][02:41:48][48539][54025072][dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f][SSO.java][processRequest][Transaction with ID: dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f failed. Reason: NO_PROVIDER_INFO_FOUND]



  • 5.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Broadcom Employee
    Posted Aug 29, 2014 02:36 AM

    Put in the Policy Server profiler the Transaction ID also and bind the error you get in the Federation Services with the Policy Server traces on the transaction ID (the transaction ID in the sample above is: dd701fda-6b922e67-2a51a33b-d0ca0416-41b692e4-56f) in order to get more details. Moreover, you can also set -verbose in the JVMOptions.txt of the Policy Server, and start the Policy Server from the command line to get the Assertion Generator Java output in the console. Obviously, be sure that the IdP rm2 is configured or that there is an entity with that name in your configuration.



  • 6.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP
    Best Answer

    Posted Sep 03, 2014 08:54 AM

    Your transaction ID is logged in the PS as Attribute 221 on its send over; if it gets there you might have the transaction ID column show.

    You need Data and Message in the data points, so if possible have your smtracedefault.txt be as complete as possible:

     

    components: AgentFunc, Server, IsProtected, Login_Logout, IsAuthorized, Tunnel_Service, JavaAPI, Directory_Access, ODBC, LDAP, IdentityMinder, TXM, Fed_Server, DLP

    data: Date, PreciseTime, Pid, Tid, SrcFile, Function, TransactionID, AgentName, Resource, User, Group, Realm, Domain, Directory, Policy, AgentType, Rule, ErrorValue, ReturnValue, ErrorString, IPAddr, IPPort, Result, Returns, CallDetail, ObjectClass, DomainOID, SearchKey, ObjectOID, Property, AuthStatus, AuthReason, AuthScheme, CertSerial, SubjectDN, IssuerDN, SessionSpec, SessionID, CertDistPt, UserDN, Action, RealmOID, State, ClusterID, HandleCount, FreeHandleCount, BusyHandleCount, ResponseTime, Throughput, MaxThroughput, MinThroughput, Threshold, TransactionName, HexadecimalData, Query, ActiveExpr, RequestIPAddr, Expression, CacheHits, CacheSize, RefCount, ExecutionTime, Tenant, Message, Data

    version: 1.1

    That should show 3 lines. The lines start with "components", "data" and "version".

    Then you will see the lines will be:

    [Date][PreciseTime][Pid][Tid][SrcFile][Function][TransactionID][AgentName][Resource][User][Group][Realm][Domain][Directory][Policy][AgentType][Rule][ErrorValue][ReturnValue][ErrorString][IPAddr][IPPort][Result][Returns][CallDetail][ObjectClass][DomainOID][SearchKey][ObjectOID][Property][AuthStatus][AuthReason][AuthScheme][CertSerial][SubjectDN][IssuerDN][SessionSpec][SessionID][CertDistPt][UserDN][Action][RealmOID][State][ClusterID][HandleCount][FreeHandleCount][BusyHandleCount][ResponseTime][Throughput][MaxThroughput][MinThroughput][Threshold][TransactionName][HexadecimalData][Query][ActiveExpr][RequestIPAddr][Expression][CacheHits][CacheSize][RefCount][ExecutionTime][Tenant][Message][Data]

     

    which will show something like:

    [09/03/2014][08:49:04.500][968][2648][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s2/r3][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][Receive request attribute 221, data size is 60][00000000000000000000000001000000-120c-54070e40-1334-02510029]

     

    Now follow along your PID/TID combo and you can find what is occurring on the Policy Server side.

    As you see, only what is used is populated in the trace.

     

    (We have full tracing in our lowest environment, so I could make a sample for you really easily. Hope it helps! =o)

     

    -Josh
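
The correlation described in replies 5 and 6, as an added example that is not part of the original thread and not CA/Broadcom code: it reads the column names from the template's `data:` line, splits bracketed trace rows (including nested brackets such as the `[CHECKPOINT = ...]` suffix seen in the FWS trace), and follows the Pid/Tid pair that received attribute 221. The nine-column template, the function names, and every trace row other than the first data row are constructed for illustration.

```python
# Added example; function names and the shortened template are assumptions.
TEMPLATE = """components: Server, Fed_Server
data: Date, PreciseTime, Pid, Tid, SrcFile, Function, TransactionID, Message, Data
version: 1.1"""

# Constructed trace: the first data row reuses the thread's sample values,
# trimmed to TEMPLATE's nine columns; the remaining rows are invented.
TRACE = """[Date][PreciseTime][Pid][Tid][SrcFile][Function][TransactionID][Message][Data]
[09/03/2014][08:49:04.500][968][2648][SmMessage.cpp:525][CSmMessage::ParseAgentMessage][s2/r3][Receive request attribute 221, data size is 60][]
[09/03/2014][08:49:04.501][968][2700][Other.cpp:1][Other::Work][s9/r1][unrelated thread][]
[09/03/2014][08:49:04.510][968][2648][Example.cpp:1][Example::Lookup][s2/r3][lookup failed [constructed detail]][]"""

def split_fields(line):
    """Split '[a][b [c]][]' into ['a', 'b [c]', ''], keeping nested brackets."""
    fields, depth, start = [], 0, 0
    for i, ch in enumerate(line):
        if ch == "[":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "]" and depth > 0:
            depth -= 1
            if depth == 0:
                fields.append(line[start:i])
    return fields

def columns_from_template(text):
    """Return the column names listed on the template's 'data:' line."""
    for row in text.splitlines():
        key, _, value = row.partition(":")
        if key.strip().lower() == "data":
            return [c.strip() for c in value.split(",") if c.strip()]
    raise ValueError("template has no 'data:' line")

def parse_trace(lines, columns):
    """Map each row to {column: value}; skip the header row and short rows."""
    records = []
    for line in lines:
        fields = split_fields(line.strip())
        if len(fields) == len(columns) and fields != columns:
            records.append(dict(zip(columns, fields)))
    return records

def follow_attribute_221(records):
    """Rows sharing Pid/Tid with any 'attribute 221' row, in file order."""
    keys = {(r["Pid"], r["Tid"]) for r in records if "attribute 221" in r["Message"]}
    return [r for r in records if (r["Pid"], r["Tid"]) in keys]

if __name__ == "__main__":
    rows = parse_trace(TRACE.splitlines(), columns_from_template(TEMPLATE))
    for r in follow_attribute_221(rows):
        print(r["PreciseTime"], r["Pid"], r["Tid"], r["Function"], r["Message"])
```

Rows whose field count does not match the template are skipped, so a trace written under a different `data:` line has to be parsed with that template's columns.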



  • 7.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Sep 04, 2014 12:00 AM

    Hi JPerlmutter,

     

    Thanks for the information. We have modified our trace template and managed to get more information. With help from CA support we have identified that the root cause is an incorrect JCE patch.



  • 8.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Dec 09, 2016 05:10 AM

    Hi,

     

    Can you please let me know what this JCE patch is and what exactly was done to resolve the issue? I am facing a similar issue at my end.

    Also let me know how this is related to SiteMinder.

     

    Regards,

    Pankaj Sharma



  • 9.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Dec 09, 2016 06:30 AM

    Hi Pankaj,

     

    Please refer to the KB article below for more details on the above error.

    http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.TEC1446925.html

     

    Thanks,

    Sharan



  • 10.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP

    Posted Feb 12, 2015 04:09 AM

    @JPerlmutter

    Hi Josh,

    I want to configure a partnership federation application with SPS. Can you please tell me the steps to follow?

    I have SPS on RHEL6 and it is working for a simple web application.

    Thanks



  • 11.  Re: SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP