Symantec Access Management

  • 1.  SAML federation no longer works when upgrading web agent + agent optionpack to r12.52

    Posted Jul 20, 2016 09:52 PM

    Hello,

    I previously posted this issue but closed it because we had multiple issues which were caused by an upgrade from r12.0 to r12.52 policy server.  We initially saw two issues with our upgrade: the first is with SSO between our old r12.0 policy server and our new r12.52 policy server, and the second is that Federation Services fails after we run the in-place upgrade of the web agent and agent option pack from r12.0 SP3 to r12.52 SP1 CR5.

    The general error I see in the FWTrace.log is that it is complaining that it is unable to find the SAML service partner ID that I am trying to invoke SAML SSO with, but when I look in the WAMUI I can confirm that it is there and able to bring up the configuration.  Once again, I did not face this issue in our DEV environment so I am very puzzled as to why I am encountering this issue in our QA environment.

    Any help or advice is very much appreciated!

    FWTrace.log:

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Requesting data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Administration Manager is returning data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][doGet][SAML2 Single Sign-On Service received GET request.]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][FWSBase.java][doRequestLog][Requesting Host: 10.22.143.10 Requesting Host IP: 10.22.143.10 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][doGet][Query String: SPID=http://fs.stg.hodesiq.com]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][getSavedRequestDataUsingGuid][Enter getSavedRequestDataUsingGuid]

    [07/21/2016][01:07:25][3216][2928499600][][DelegatedAuthHelper][getCookie][Cookie Name: WT_FPC]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][doGet][Request is UNSOLICITED!]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Requesting data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Administration Manager is returning data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAML2Base.java][getServiceProviderInfo][Trying to fetch SAML2.0 SP Configuration from cache [CHECKPOINT = SAML2_SPCONFFROMCACHE_REQ]]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAMLTunnelClient.java][getServiceProviderInfoByID][Provider ID: http://fs.stg.hodesiq.com.]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Requesting data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Administration Manager is returning data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 2.]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAMLTunnelClient.java][getServiceProviderInfoByID][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.dm, method getServiceProviderInfoByID: java.lang.IllegalArgumentException: "Cannot parse bytes to a ProviderDataResponseData"]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for sp: http://fs.stg.hodesiq.com Message: null.]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SAML2Base.java][getServiceProviderInfo][Could not find service provider information for idp: http://fs.stg.hodesiq.com.]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][processRequest][Transaction with ID: e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e failed. Reason: NO_PROVIDER_INFO_FOUND]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][processRequest][No SAML2 provider information found for SP http://fs.stg.hodesiq.com.]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Requesting data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Administration Manager is returning data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Requesting data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][][agentcommon][][Administration Manager is returning data for ConfigManager ID /usr/pservices/ca/siteminder/webagent/config/SmHost.conf and SmAgentConfig ID /usr/pservices/ers/servers/smfss-stg/conf/WebAgent.conf]

    [07/21/2016][01:07:25][3216][2928499600][e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]

    [07/21/2016][01:07:30][3216][2933418896][][CustomPostPageCache][performUpdate][Checking for updates]
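
An added example, not part of the original post or of the product: a small Python triage script that parses the FWTrace.log layout quoted above and groups checkpoints, tunnel result codes, exceptions, failure reasons and HTTP errors by transaction ID. The field layout is inferred from the quoted trace, and `summarize`, `PATTERNS` and `SAMPLE` are names chosen for this example.

```python
import re
from collections import defaultdict

# Field layout as it appears in the post's FWTrace.log (inferred, not documented here):
# [date][time][pid][tid][transaction id][source][method][message]
LINE = re.compile(r"^\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]"
                  r"\[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]\[(.*)\]\s*$")
PATTERNS = {
    "checkpoints": re.compile(r"\[CHECKPOINT = (\w+)\]"),
    "tunnel_codes": re.compile(r"Tunnel result code: (\d+)"),
    "exceptions": re.compile(r"Exception caught in .*?: ([\w.]+): "),
    "reasons": re.compile(r"failed\. Reason: (\w+)"),
    "http_errors": re.compile(r"HTTP [Ee]rror (\d{3})"),
}

def summarize(lines):
    """Group trace lines by transaction ID and collect failure evidence."""
    txns = defaultdict(lambda: {"times": [], **{k: [] for k in PATTERNS}})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or not m.group(5):  # unparsable line, or no transaction ID
            continue
        entry, msg = txns[m.group(5)], m.group(8)
        entry["times"].append(f"{m.group(1)} {m.group(2)}")
        for key, pat in PATTERNS.items():
            entry[key] += pat.findall(msg)
    return dict(txns)

# Excerpt of the trace quoted in the post, rebuilt from a shared prefix.
TX = "e172145d-27602c9d-4ef44ad7-742dbb61-750d51c3-6e"
P = f"[07/21/2016][01:07:25][3216][2928499600][{TX}]"
SAMPLE = [
    "[07/21/2016][01:07:25][3216][2928499600][][DelegatedAuthHelper][getCookie][Cookie Name: WT_FPC]",
    P + "[SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]",
    P + "[SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 2.]",
    P + "[SAMLTunnelClient.java][getServiceProviderInfoByID][Exception caught in class "
        "com.netegrity.affiliateminder.webservices.saml2.dm, method getServiceProviderInfoByID: "
        'java.lang.IllegalArgumentException: "Cannot parse bytes to a ProviderDataResponseData"]',
    P + "[SSO.java][processRequest][Transaction with ID: " + TX + " failed. Reason: NO_PROVIDER_INFO_FOUND]",
    P + "[SSO.java][processRequest][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]",
    P + "[ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 403 ]",
]

if __name__ == "__main__":
    for txn, info in summarize(SAMPLE).items():
        print(txn, info)
```

The per-transaction timestamps give the time window to search in the Policy Server trace that the next reply asks for.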



  • 2.  Re: SAML federation no longer works when upgrading web agent + agent optionpack to r12.52
    Best Answer

    Posted Jul 20, 2016 11:35 PM

    Hi Duc,

    Please check the corresponding Policy Server trace and identify the reason why the Service Provider object failed to be located. Also, please try deactivating and reactivating the same Partnership to see if that makes a difference in the outcome.



  • 3.  Re: SAML federation no longer works when upgrading web agent + agent optionpack to r12.52

    Broadcom Employee
    Posted Jul 21, 2016 12:12 AM

    Hi,

    Also, please ensure that the Policy Server requirement is met. It needs the JCE patch in 12.52.

    Policy Server Installation Requirements - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation

    Regards,

    Koichi