Symantec Access Management

 View Only
  • 1.  IDP Initiated SSO has issue.

    Posted Sep 03, 2015 06:13 PM

    I got this to work couple days back, ran into issues this week. Tried reverting but it doesn't seem to work


    affwebservices.log

    [17881/3022141184][Thu Sep 03 2015 16:43:24][SSO.java][ERROR][sm-FedClient-02890] Transaction with ID: 7c4774f9-a89a794d-fbe54f3e-1577b68c-1addb2d9-2 failed. Reason: FAILED_INVALID_RESPONSE_RETURNED (, , )

     

    I see this error in smps.log

    [3224/3596][Thu Sep 03 2015 16:47:50][AssertionGenerator.java][ERROR][sm-FedServer-00090] AssertionHandler process() throws exception: njava.lang.SecurityException: class "com.netegrity.util.Utils"'s signer information does not match signer information of other classes in the same package

    at java.lang.ClassLoader.checkCerts(ClassLoader.java:806)

    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)

    at java.lang.ClassLoader.defineClassCond(ClassLoader.java:625)

    at java.lang.ClassLoader.defineClass(ClassLoader.java:615)

    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)

    at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)

    at java.net.URLClassLoader.access$000(URLClassLoader.java:58)

    at java.net.URLClassLoader$1.run(URLClassLoader.java:197)

    at java.security.AccessController.doPrivileged(Native Method)

    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)

    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)

    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)

    at java.lang.ClassLoader.loadClass(ClassLoader.java:247)

    at com.netegrity.assertiongenerator.saml2.ProtocolBase.marshal(ProtocolBase.java:180)

    at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.processRequest(AuthnRequestProtocol.java:1330)

    at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.process(AssertionHandlerSAML20.java:211)

    at com.netegrity.assertiongenerator.AssertionGenerator.invoke(AssertionGenerator.java:259)

    at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:286)



  • 2.  Re: IDP Initiated SSO has issue.

    Broadcom Employee
    Posted Sep 03, 2015 06:34 PM

    Hi

    What version of your PS?

     

    https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/PDF/siteminder_fed_release_enu.pdf

     

    Under Chapter 7: Defects Fixed in 12.52 shows this error:

     

    PS Exception When Retrieving Password (175936)

     

    Symptom: Policy server (FIPS only) threw the following exception while searching for IDP information for an SP-initiated request:

     

    Exception while attempting to retrieve passwords:

     

    java.lang.SecurityException: class "com.netegrity.util.ct"'s signer information does not match signer information of other classes in the same package.

     

    Solution:

     

    This issue has been corrected. Star issue 21530627-01.

     

    Cheers



  • 3.  Re: IDP Initiated SSO has issue.

    Posted Sep 03, 2015 06:37 PM

    Policy Server Version=12.52,Update=00.01,Label=154,Crypto=128