Symantec Access Management

  • Private Community
 View Only

  • 1.  ClassCastException in Siteminder WSFED with SAML2

    Posted Oct 19, 2018 07:40 PM

    ws-fed partnership with SAML2 is failing with classcastexception when using custom AGP.

    Using SSO 12.8 version

     

    The scenario is as below:

    1. WSFED profile SAML2 Based WITH Custom AGP = Exception

    2. WSFED profile SAML1.1 Based WITH Custom AGP = Success

    3. WSFED profile SAML2 Based WITH-OUT Custom AGP = Success

     

    The AGP is just substituting one of the attributes.

     

    java.lang.ClassCastException: com.ca.siteminder.wsgen.impl.RequestSecurityTokenResponseImpl cannot be cast to com.ca.siteminder.ws.WSRequestSecurityTokenResponseWrapper at com.netegrity.assertiongenerator.wsfed.SignInProtocol.closeupProcess(Unknown Source) at com.netegrity.assertiongenerator.wsfed.AssertionHandlerWSFED12.postProcess(Unknown Source) at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)



  • 2.  Re: ClassCastException in Siteminder WSFED with SAML2

    Broadcom Employee
    Posted Oct 22, 2018 08:10 PM

    Hi Garima, 

     

    I would open a Support ticket as I saw references to this exact same exception in R12.51 and R12.52. I wasn't able to readily locate a reference to it in R12.8 so it would require further investigation. Please reference (DE242771) and this Communities post.

    Thanks!



  • 3.  Re: ClassCastException in Siteminder WSFED with SAML2

    Broadcom Employee
    Posted Oct 23, 2018 11:35 AM

    Yes, David, For R12.51 and R12.52 ClassCastException issue was occurring at the time of assertion signing if the partnership used custom assertion generator plugin. It needed a code change to fix the issue.

     

    Garima, If you open a case, our support engineer can help to investigate working with CA Engineering why the R12.8 doesn't have this issue already fixed in the R12.8 code. You'll need to provide in the opened case all the details of your configuration.

     

    Rgds, - Vijay



  • 4.  Re: ClassCastException in Siteminder WSFED with SAML2

    Posted Oct 23, 2018 04:02 PM

    Thanks David and Vijay. I already have a case open with CA Support, hoping that it will get passed to engineering (In my experience, typically it is very tough to get any case to be looked into by engineering)



  • 5.  Re: ClassCastException in Siteminder WSFED with SAML2

    Broadcom Employee
    Posted Oct 23, 2018 04:38 PM

    Thanks Garima. I have followed up with the Case owner and will help out where I can. I am going to go ahead and mark this Communities Post as "Assumed Answered" since we have the Support case open. I added a link to the case so we can circle back around and update it later with the final resolution.



  • 6.  Re: ClassCastException in Siteminder WSFED with SAML2

    Posted Oct 23, 2018 04:50 PM

    Sounds like a plan. Thanks David!