CA SiteMinder IDP and Shibboleth SP

Bhattacharjee, Raja Raja.Bhattacharjee at Level3.com
Tue May 26 10:12:40 EDT 2015


Hello,

We are coming across a unique problem in our federation. Oftentimes the federation is working, except that intermittently, when from our Shibboleth SP we send a redirect to our enterprise client (who are using CA SiteMinder), SiteMinder throws an error of the form:

[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Result of authorizeEx call is: 1.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Denying request due to "NO" returned from SAML2 assertion generator.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 500 ]

In shibd.log (on our side), the last action was (which is correct)...

2015-05-22 20:16:50 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [92]: marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://shibsp.acmewidget.com/customer1/Shibboleth.sso/SAML2/POST" Destination="https://customer.idp.com/affwebservices/public/saml2sso" ID="_6e459925ae82dab6d2dd3d83de95fffc" IssueInstant="2015-05-22T20:16:50Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://shibsp.acmewidget.com/customer1/shibboleth</saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest>
2015-05-22 20:16:50 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [92]: message encoded, sending redirect to client


Any thoughts from anyone that might have encountered this issue with any other IDP provider or CA SiteMinder?

Thanks

Raja B.
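
A triage sketch for the SiteMinder trace format quoted in the post above, added here as an example and not part of the original message or of either product: it groups trace lines by the fifth bracketed field (assumed to be a per-request transaction ID) and lists the transactions where the assertion generator returned SAML2Response=NO, so intermittent denials can be lined up by time against shibd.log. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# [date][time][n][n][transaction id][source file][method][message]; field
# meanings are inferred from the quoted trace, not from CA documentation.
LINE_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2})\]\[\d+\]\[\d+\]"
    r"\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\[(.*)\]\s*$")
RESPONSE_RE = re.compile(r"SAML2Response=(\w+)")
HTTP_ERROR_RE = re.compile(r"Sending HTTP Error (\d{3})")

# First four lines are from the post; the last line is constructed.
SAMPLE = """\
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Result of authorizeEx call is: 1.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][SSO.java][processAssertionGeneration][Denying request due to "NO" returned from SAML2 assertion generator.]
[05/18/2015][19:08:42][2516][2552][1775d395-9edf9f17-457f6763-e8894ddd-729c5648-10fb][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 500 ]
[05/18/2015][19:09:10][2516][2560][00000000-constructed-transaction][SSO.java][processAssertionGeneration][Constructed line for an unrelated transaction.]
"""

def group_by_transaction(text):
    """Map transaction id -> list of (timestamp, source, method, message)."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a bracketed trace line
        date, time, txid, src, method, msg = m.groups()
        when = datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S")
        groups[txid].append((when, src, method, msg.strip()))
    return groups

def denied_transactions(groups):
    """Return one summary per transaction whose generator response was NO."""
    report = []
    for txid, events in groups.items():
        joined = " ".join(e[3] for e in events)
        resp = RESPONSE_RE.search(joined)
        if not resp or resp.group(1) != "NO":
            continue
        err = HTTP_ERROR_RE.search(joined)
        report.append({"transaction": txid,
                       "first_seen": min(e[0] for e in events),
                       "http_error": int(err.group(1)) if err else None})
    return sorted(report, key=lambda r: r["first_seen"])

if __name__ == "__main__":
    for row in denied_transactions(group_by_transaction(SAMPLE)):
        print(row["first_seen"].isoformat(), row["transaction"], row["http_error"])
```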