CA SSO : WAOP : Error Parsing SAML Assertion at SP.

Document ID : KB000005456
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Customer is using siteminder as SP and using SP initiated SAML 2.0 transaction. Partnership federation being used for the configuration.

While running the SP Initiated transaction, IDP was able to send the SAML response successfully to SP but Siteminder was giving below error while parsing the SAMLResponse:

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Could not parse SAMLresponse. Error message: null]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Ending SAML2AssertionConsumer Service request processing with HTTP error 400]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][AssertionConsumer.java][processSAMLResponse][Transaction with ID:13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39 failed. Reason:ACS_BAD_SAMLRESPONSE_XML]

[07/23/2013][12:56:22][5328][39][13d9856b-d2f27b78-2a0421cf-a7dc750e-86f232d7-39][ErrorRedirectionHandler.java][redirectToErrorPage][Sending HTTP Error 400]

Environment:
SiteMinder Policy Server R12.51Federation Security Services Option Pack R12.51
Cause:

This is a defect, it was identified when SAML SSO between R6 FSS and R12.5 CR02 failing with "Could not parse SAML response. Error message: null" as well as "ACS_BAD_SAMLRESPONSE_XML". 

Resolution:

This is fixed in r12.52.

Kindly upgrade to CA SSO r12.52 to fix the issue. 

Additional Information:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52#DefectsFixedin12.52-SAMLSSOFailure