Layer7 Access Management

Expand all | Collapse all

Stream corrupted Exception on IDP side while running federation saml2 transaction

  • 1.  Stream corrupted Exception on IDP side while running federation saml2 transaction

    Posted 07-14-2015 01:38 PM

    I have configured legacy federation setup R12 SP3 CR12 910 version:

    IDP side: Win2k8 32 bit.

     

    Basic siteminder transaction is working fine and later i installed WAOP and AppServer on it, though assertionretriever is working fine, it is giving following error in FWStrace logs while running transaction:

     

    ][13:02:34][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 2.]

    ][13:02:35][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][SAMLTunnelClient.java][getServiceProviderInfoByID][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.br, method getServiceProviderInfoByID: java.io.StreamCorruptedException: invalid stream header: 4661696C]

    ][13:02:35][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: sp1 Message: null.]

    ][13:02:35][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][SSO.java][processRequest][No SAML2 provider information found for SP sp1.]

    ][13:02:35][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]

    [13:02:35][3396][3504][153a94a0-27b108c1-bf6a8cee-1f8b1552-be8aac3e-b7][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]

     

    It seems WAOP is having problem connecting to Policy Server, please suggest what can be done to tackle it.



  • 2.  Re: Stream corrupted Exception on IDP side while running federation saml2 transaction

    Posted 07-26-2015 12:48 AM

    Hi Sinsa,

     

    For R12 SP3, please confirm the version of the Web Agent Option Pack matches the Policy Server version, including the Service Pack and CR version. In addition, if the Web Agent and Web Agent Option Pack are installed on the same machine, they must also be the same version, including the Service Pack and CR version.

     

    Also, please clarify if this is SAML artifact profile/binding setup and check the same request (via transaction ID) against the Policy Server trace to confirm the response from the PS.

     

    Best regards,

    Kelly