Error when Generating Assertion during Office 365 Integration in the Policy Server logs

Document ID : KB000047979
Last Modified Date : 14/02/2018


This issue occurs when following the Office 365 integration runbook with SiteMinder as the IdP.


When accessing Office 365, we get redirected to the WS-Federation SSO service on SPS. After a successful authentication, the Tomcat application server on SPS throws an exception. The error reported in FWSTrace.log is:

[][processAssertionGeneration][Denying request due to "NO" returned from WSFED assertion generator.]

The associated error in the Policy Server traces is:

[Error happens in running Assertionhandler process(). Leaving Assertion Generator Framework.


com.netegrity.assertiongenerator.AssertionGeneratorException: Error generating response. Exception: Error converting assertion to DOM.


Caused by: org.xml.sax.SAXException: fatalErrorXML Parsing Error: Line:10 Column:143 An invalid XML character (Unicode: 0x3) was found in the element content of the document.


The problem is caused by the mapping between the ImmutableID and the objectGUID. SiteMinder is not able to read binary attributes, so the conversion should be done at the directory level and not on the fly at the Policy Server level. See the runbook, page 8, "Manual Synchronization Example".
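
The parsing failure above can be reproduced outside SiteMinder. The following Python sketch is an added example, not code from the runbook or the product: it uses a constructed GUID, assumes the binary objectGUID reaches the assertion as one character per byte, and assumes the directory-level conversion is Base64 of the 16 raw bytes. All function names are hypothetical.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample GUID (not from the article). Active Directory stores
# objectGUID as 16 raw bytes in little-endian field order (uuid.bytes_le).
SAMPLE_GUID = uuid.UUID("4f2a0391-7c5e-4d1b-9a03-6be2c8d41f07")
RAW_OBJECTGUID = SAMPLE_GUID.bytes_le


def is_xml10_char(cp: int) -> bool:
    """True if the code point is allowed by the XML 1.0 Char production."""
    return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)


def invalid_xml_chars(text: str) -> list:
    """Return (offset, code point) for every character XML 1.0 forbids."""
    return [(i, ord(c)) for i, c in enumerate(text) if not is_xml10_char(ord(c))]


def to_immutable_id(raw_guid: bytes) -> str:
    """Base64-encode the 16 GUID bytes into a text-safe value."""
    if len(raw_guid) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return base64.b64encode(raw_guid).decode("ascii")


def attribute_parses(value: str) -> bool:
    """Place the value in a hypothetical attribute element and parse it."""
    doc = "<Attribute Name='ImmutableID'>%s</Attribute>" % escape(value)
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    # Assumption: the binary value reaches the assertion as one char per byte.
    as_text = RAW_OBJECTGUID.decode("latin-1")
    print("raw invalid chars:", [(i, hex(c)) for i, c in invalid_xml_chars(as_text)])
    print("raw parses:", attribute_parses(as_text))
    encoded = to_immutable_id(RAW_OBJECTGUID)
    print("encoded:", encoded, "parses:", attribute_parses(encoded))
```

Running `invalid_xml_chars` over a user's ImmutableID source attribute before enabling federation shows whether that value would break assertion generation.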
