Error when Generating Assertion during Office 365 Integration in the Policy Server logs

Document ID : KB000047979
Last Modified Date : 14/02/2018

Description:

The environment was configured by following the Office 365 integration runbook, with SiteMinder as the IdP.

Runbook:

https://support.ca.com/phpdocs/1/8231/runbooks/CASM-MSOffice365FederationRunbook-ver1.0.pdf

When accessing Office 365, we get redirected to the WS-Federation SSO service on SPS. After a successful authentication, an exception is thrown by the Tomcat application server on SPS. The error reported in FWSTrace.log is:

[SSO.java][processAssertionGeneration][Denying request due to "NO" returned from WSFED assertion generator.]

The associated error in the Policy Server trace is:

[Error happens in running Assertionhandler process(). Leaving Assertion Generator Framework.

Exception:

com.netegrity.assertiongenerator.AssertionGeneratorException: Error generating response. Exception:

com.ca.siteminder.ws.WSWrapperException: Error converting assertion to DOM.

....

Caused by: org.xml.sax.SAXException: fatalErrorXML Parsing Error: Line:10 Column:143 An invalid XML character (Unicode: 0x3) was found in the element content of the document.

Solution:

The problem is caused by the mapping between the ImmutableID and the objectGUID. SiteMinder is not able to read a binary attribute, so the conversion should be done at the directory level and not on the fly at the Policy Server level. See page 8 of the runbook, "Manual Synchronization Example".
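Added example (not taken from the runbook or from SiteMinder): why a raw objectGUID breaks the assertion XML and why a string form stored in the directory does not. It assumes the ImmutableID is the Base64 encoding of the 16-byte objectGUID; the GUID bytes, the Latin-1 decoding of the raw value and the element names are constructed for illustration.

```python
import base64
from xml.dom import minidom
from xml.parsers.expat import ExpatError

# Constructed sample: 16 raw bytes as a directory would return for objectGUID.
# It deliberately contains 0x03, the character named in the SAXException.
SAMPLE_OBJECT_GUID = bytes.fromhex("4f8a03c21b7e4d4e9a5503f1c6d2e8ab")


def invalid_xml_chars(text):
    """Return the code points in text that XML 1.0 forbids in element content."""
    def allowed(cp):
        return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
                or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)
    return [ord(c) for c in text if not allowed(ord(c))]


def to_immutable_id(object_guid):
    """Base64-encode the raw GUID so it can live in a plain string attribute."""
    if len(object_guid) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return base64.b64encode(object_guid).decode("ascii")


def assertion_parses(attribute_value):
    """Put the value in a hypothetical attribute element and try to parse it."""
    doc = ("<Attribute><AttributeValue>%s</AttributeValue></Attribute>"
           % attribute_value)
    try:
        minidom.parseString(doc.encode("utf-8"))
        return True
    except ExpatError:
        return False


if __name__ == "__main__":
    raw_as_text = SAMPLE_OBJECT_GUID.decode("latin-1")  # binary read as text
    print("raw control chars:", [hex(c) for c in invalid_xml_chars(raw_as_text)])
    print("raw value parses:", assertion_parses(raw_as_text))
    immutable_id = to_immutable_id(SAMPLE_OBJECT_GUID)
    print("ImmutableID:", immutable_id)
    print("Base64 value parses:", assertion_parses(immutable_id))
```

The Base64 string is what should be written to a string attribute in the directory and mapped to the ImmutableID, so the Policy Server never handles the binary value.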

File Attachments:
TEC618461.zip