Christie
This error that you see i.e.
[AssertionGenerator.java][ERROR][sm-FedServer-00120] postProcess() throws exception: ncom.netegrity.assertiongenerator.AssertionGeneratorException: Error while signing Assertion! Exception:
com.netegrity.smkeydatabase.api.XMLDocumentOpsException: SignInProtocol: Exception when signing SAML Assertion - WSFEDSigner: Exception while signing XML document.
com.netegrity.smkeydatabase.api.XMLDocumentOpsException: Caught an Exception calling signXMLDocument using IXMLSignature. nulljava.lang.NullPointerException
In which logs are you seeing this error? Is it on SharePoint Agent log OR Policy Server log?
If you are seeing this error on SharePoint Agent FWSTrace.log, have we stopped and started SharePoint Agent Services after importing the private key and public cert on Policy Server WAMUI?
Again on the policy server side, you mentioned you had only imported the Public Cert. So did you first delete that Public Cert from WAMUI, then proceed to import the Private Key and Public Certs simultaneously at the same time using the WAMUI?
So the steps would be
- Login to WAM UI.
- Delete imported Public Cert.
- Add Private Key and Public Cert.
- Login to SharePoint Agent Server machine. Make sure in Affiliate Domain the alias mapping is still present by re-running the SharePoint Connection Wizard and choosing Edit Connection.
- Now just because the Affiliate Domain has the alias name mapping it does not mean everything is all right. Remember in SiteMinder all objects are linked by OIDs. We deleted the Public Cert. So that link may now be dirty. We have to re-establish that link.
- Submit the Edit Connection Wizard, such that it refreshes the Object link between the new Certificate (key pair) Imported and existing affiliate domain.
- Login to SharePoint Agent Server, stop and start services.
- Test.
Also I don't think the noodle exception is linked to Assertion Signing. They are two different code paths independent of each other. So please let us not discuss noodle exception in this thread.
Another suggestion I have for you is, you mentioned having generated the SelfSigned Certificate using openssl and then importing that into WAMUI. My suggestion would be to create a new SelfSigned Certificate from the WAMUI OR a Proper CA Signed Certificate (by generating a CSR) from WAM UI. Provide a new Alias name for the certificate key pair created via the WAM UI and then use this new alias name in the SharePoint Connection Wizard. Now test the journey.
Peace
Hubert