Layer 7 Access Management

Expand all | Collapse all

SAML 2.0

Jump to Best Answer
  • 1.  SAML 2.0

    Posted 09-06-2018 02:52 PM

    Hello

     

    I am new to SAML 2.0 and pardon my ignorance.

     

    We are implementing SAML 2.0 for a new client and I am configuring federation partnership for this client.

     

    I try to create the auth schema and do the SAML2.0 configuration. I put the details in the General and SSO tab and submit the task. But the values are not getting persisted when i check back again.

     

    SiteMinder - 12.52 R2

     

    I see the below in the logs -

     

    smps.log

    [7096/6646][Thu Sep 06 2018 18:30:16][SmSSInDBStore.cpp:1203][INFO][sm_LoginLogout_02016] failed with code - 1001
    [7096/6646][Thu Sep 06 2018 18:30:16][SmSessionServer.cpp:686][ERROR][sm-Server-06007] failed. Error code : 2
    [7096/7856][Thu Sep 06 2018 18:32:03][CServer.cpp:1808][INFO][sm-Server-01760] Closing Idle connection for session # 272286
    [7096/7856][Thu Sep 06 2018 18:32:03][CServer.cpp:1808][INFO][sm-Server-01760] Closing Idle connection for session # 272285
    [7096/2800][Thu Sep 06 2018 18:40:06][SmSessionServer.cpp:571][ERROR][sm-Server-06007] failed. Error code : 2
    [7096/2800][Thu Sep 06 2018 18:40:06][SmSSInDBStore.cpp:1203][INFO][sm_LoginLogout_02016] failed with code - 1001
    [7096/2800][Thu Sep 06 2018 18:40:06][SmSessionServer.cpp:686][ERROR][sm-Server-06007] failed. Error code : 2

     

     

    server.log (adminui/standalone/log)

    2018-09-06 18:25:16,778 ERROR [ims.ui] (default task-9) com.netegrity.webapp.page.TaskController: AttributeNotPresentException: This method requires the presence of an attribute which was not provided. The attribute is named UrlEncodeAttrCookieData.
     at com.netegrity.llsdk6.imsimpl.BaseObject.set(BaseObject.java:896) [imsapi6.jar:]
     at com.netegrity.llsdk6.imsimpl.BaseObject.setAttribute(BaseObject.java:2480) [imsapi6.jar:]
     at com.netegrity.llsdk6.imsimpl.BaseObject.setValue(BaseObject.java:3378) [imsapi6.jar:]
     at com.ca.siteminder.framework.util.TypeWrapper.setValueFromObject(Unknown Source) [webadmin.jar:12.52.0201.6565]
     at com.ca.siteminder.framework.util.TypeWrapper.setValueFromBoolean(Unknown Source) [webadmin.jar:12.52.0201.6565]
     at com.ca.siteminder.framework.xps.XPSManagedObject.setBooleanValue(Unknown Source) [webadmin.jar:12.52.0201.6565]
     at com.ca.siteminder.webadmin.managedobject.SAMLv2IdP.setUrlEncodeAttrCookieData(Unknown Source) [webadmin.jar:12.52.0201.6565]
     at com.ca.siteminder.webadmin.tabs.SAMLv2IdPSSOTabPage.update(Unknown Source) [webadmin.jar:12.52.0201.6565]
     at com.netegrity.webapp.page.NestingWrapper.update(NestingWrapper.java:231) [user_console.jar:]
     at com.netegrity.webapp.page.AbstractParentPage.update(AbstractParentPage.java:67) [user_console.jar:]
     at com.netegrity.webapp.page.TabController.update(TabController.java:324) [user_console.jar:]
     at com.netegrity.webapp.page.NestingWrapper.update(NestingWrapper.java:231) [user_console.jar:]
     at com.netegrity.webapp.page.AbstractParentPage.update(AbstractParentPage.java:67) [user_console.jar:]
     at com.netegrity.webapp.page.jsf.JSFParentPage.update(JSFParentPage.java:118) [user_console.jar:]
     at com.netegrity.webapp.page.TaskController.update(TaskController.java:606) [user_console.jar:]
     at com.netegrity.taglib.skin.TagUtilLocal.update(TagUtilLocal.java:268) [user_console.jar:]
     at com.netegrity.taglib.skin.UpdateTag.doEndTag(UpdateTag.java:145) [user_console.jar:]
     at org.apache.jsp.app.ui7.index_jsp._jspx_meth_skin_005fupdate_005f0(index_jsp.java:1719)
     at org.apache.jsp.app.ui7.index_jsp._jspService(index_jsp.java:191)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69) [jastow-1.0.0.Final.jar:1.0.0.Final]
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:366) [jastow-1.0.0.Final.jar:1.0.0.Final]
     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326) [jastow-1.0.0.Final.jar:1.0.0.Final]
     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259) [jastow-1.0.0.Final.jar:1.0.0.Final]
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
     at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:82) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:192) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:160) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.filter.ConsolePageFilter.doFilter(ConsolePageFilter.java:531) [user_console.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.page.jsf.FacesFilter.doFilter2(FacesFilter.java:180) [user_console.jar:]
     at com.netegrity.webapp.page.jsf.FacesFilter.doFilter(FacesFilter.java:151) [user_console.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147) [tomahawk-1.1.5.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.authentication.FrameworkLoginFilter.doFilter(FrameworkLoginFilter.java:322) [user_console.jar:]
     at com.ca.siteminder.webadmin.configuration.ui.servlet.SiteMinderLoginFilter.doFilter(SiteMinderLoginFilter.java:457) [webadmin-configuration.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.filter.LocaleFilter.doFilter(LocaleFilter.java:100) [user_console.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.filter.ClientExtractFilter.doFilter(ClientExtractFilter.java:35) [user_console.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at com.netegrity.webapp.filter.SessionFilter.doFilter(SessionFilter.java:103) [user_console.jar:]
     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]

    2018-09-06 18:25:16,841 WARN  [com.ca.corpui.faces.lifecycle.AJAXPhaseListener] (default task-9) AJAXPhaseListener is getting notified more than once for the RENDER_RESPONSE(6) .AJAXPhaseListener might be registered more than once.
    2018-09-06 18:25:23,111 WARN  [com.ca.corpui.faces.lifecycle.AJAXPhaseListener] (default task-18) AJAXPhaseListener is getting notified more than once for the RENDER_RESPONSE(6) .AJAXPhaseListener might be registered more than once.



  • 2.  Re: SAML 2.0

    Posted 09-06-2018 03:53 PM

    Hi Rucha. This looks like this problem above  needs to be addressed in a support case. Please open a case with the federation product code (smfss) though it it looks like a session store problem. 



  • 3.  Re: SAML 2.0

    Posted 10-07-2018 06:26 AM

    Could you please share the resolution if you were able to find one?



  • 4.  RE: Re: SAML 2.0

    Posted 29 days ago
    Was there any resolution on this? I have exactly same issue now


  • 5.  RE: Re: SAML 2.0
    Best Answer

    Posted 29 days ago
    Hi Ramarao,

    It seems that this issue is caused by duplicated information in the
    partnership :

    Error in creation SAML 2.0 Template Authentication Scheme

    It looks like that IdP ID which is active is used for SAML 2.0 AUth Scheme.
    Please use IdP ID unique for each SAML 2.0 Authentication Scheme.

    https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=101071

    This is something you can check.

    I hope this helps,

    Best Regards,
    Patrick


  • 6.  RE: Re: SAML 2.0

    Posted 29 days ago
    Thank you, but in my case, I have the same error messages on smtrace.log but they started appearing after I connected policy server to a newly built session store. 

    Connecting back to old session store the symptoms go away. I will open a support case with more details 


    _________________________________________________

    This message is for the designated recipient only and may contain privileged, proprietary
    or otherwise private information. If you have received it in error, please notify the sender
    immediately and delete the original. Any other use of the email by you is prohibited.

    Dansk - Deutsch - Espanol - Francais - Italiano - Japanese - Nederlands - Norsk - Portuguese - Chinese
    Svenska: http://www.cardinalhealth.com/en/support/terms-and-conditions-english.html