Layer7 Access Management

Expand all | Collapse all

Tech Tip : CA Single Sign-On : Web Agent Option Pack return 403 when Service Provider has accentuated character

  • 1.  Tech Tip : CA Single Sign-On : Web Agent Option Pack return 403 when Service Provider has accentuated character

    Posted 06-02-2017 09:47 AM

    Issue:

     

    I run Federation Services from Web Agent Option Pack, and when I go to
    the IDP page to authenticate, I'm refused access with 403 code, and
    the logs show me that the Policy Server doesn't find the Service
    Provider with the following lines :

     

      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [FWSBase.java][doRequestLog][Requesting Host: 10.134.177.249 Requesting Host IP:
       10.134.177.249 Request protocol: HTTP/1.1 Request was secure: false
       Authentication type: null]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SSO.java][doGet][Query String: SPID=%C3%A2me]

     

      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 5, Failed
       to obtain Service Provider data by provider ID. Provider ID: âme]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SAML2Base.java][getServiceProviderInfo][Could not find service provider
       information for sp: âme Message: Failed to obtain Service Provider data by
       provider ID. Provider ID: âme.]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SAML2Base.java][getServiceProviderInfo][Could not find service provider
       information for idp: âme.]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SSO.java][processRequest][Transaction with ID:
       25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9 failed.
       Reason: NO_PROVIDER_INFO_FOUND]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SSO.java][processRequest][No SAML2 provider information found for SP âme.]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [SSO.java][processRequest][Ending SAML2 Single Sign-On Service request
       processing with HTTP error 400]
      [03/15/2013][10:27:33][18531][25][25e2e066-bb7a852c-efffa0ee-1fc8c222-b366106e-c9]
       [ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]

     

    I have already set Encoding="UTF-8" in server.xml file in the Application Server.

     

    How can I solve this ?


    Environment:


    Web Agent Option Pack 12.52SP1CR06 on Tomcat 6


    Cause:

     

     The Service Provider ID has accentuated character : "âme" which causes the issue.


    Resolution:

     

    For Tomcat Application Server for Web Agent Option Pack : the
    Connector elements must be configured to support UTF-8. This is
    accomplished via setting URIEncoding="UTF-8".

     

    Tomcat :

     

    Set the URIEncoding attribute on the <Connector> element in server.xml
    to something specific (e.g. URIEncoding="UTF-8").

     

    https://wiki.apache.org/tomcat/FAQ/CharacterEncoding

     

    KB : TEC1925929



  • 2.  Re: Tech Tip : CA Single Sign-On : Web Agent Option Pack return 403 when Service Provider has accentuated character

    Posted 06-02-2017 12:36 PM

    Thank you for sharing the tips today Patrick!