Getting 'failed to gather credentials' when trying to post against WS-Security SAML SV auth scheme. (Legacy_Onyx KB Id: 219340)

Document ID : KB000054847
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

I just upgraded to TxM 6 HF05 and I am using the sample client that ships with TransactionMinder to post an XML doc with a WS-Security SAML Sender Vouches SOAP header but am getting back 'failed to gather credentials'. I see the following errors in the TransactionMinder log:

2005-09-27 16:21:45,775 [ERROR] handler.response.WSSecuritySAMLResponseHandler 83eea8c0-0654-4339a9d5-0c24-020d16dc - Could not do the initial retrieve of enterprise certificate
2005-09-27 16:21:45,775 [ERROR] handler.response.WSSecuritySAMLResponseHandler 83eea8c0-0654-4339a9d5-0c24-020d16dc - Unable to fetch enterprise certificate
and
2005-09-27 16:21:45,775 [WARN] handler.response.WSSecurityUsernameResponseHandler 83eea8c0-0654-4339a9d5-0c24-020d16dc - Found a token type that this handler will not generate

I initially post to a resource protected by the XML DCC auth scheme and have configured response attributes to generate the WS-Security SAML SV SOAP header, but when running a trace and looking at the txm log it does not look like that SOAP header is being generated. Further I see the following exception in the smps.log file on the policy server:

[1780/692][Tue Sep 27 2005 16:21:46][AssertionGeneratorCache.java][ERROR] Can not load class: com.netegrity.ps.response.saml.AssertionHandlerTxMSAML11,
Cause: null,
Exception: null,
Error: java.lang.ClassNotFoundException: com.netegrity.ps.response.saml.AssertionHandlerTxMSAML11
at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:141)
at com.netegrity.assertiongenerator.AssertionGeneratorCache.getObject(AssertionGeneratorCache.java:79)
at com.netegrity.assertiongenerator.AssertionGenerator.getAssertionHandler(AssertionGenerator.java:390)
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(AssertionGenerator.java:152)
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:265)
[1780/692][Tue Sep 27 2005 16:21:46][AssertionGenerator.java][ERROR] Bad installation or configuration. Assertion Handler com.netegrity.ps.response.saml.AssertionHandlerTxMSAML11 can't be initialized.

What is wrong?


Solution:

When you upgraded, a new version of the JVMOptions.txt file was created and the old one backed up. This file is located on the policy server where the policy server is installed under the config directory. This new version of the file is missing the path to the tmsigservice.jar file in the classpath. A bug has been filed against this, but you can also fix this file yourself. Add the path to the tmsigservice.jar file to the -Djava.class.path parameter in the JVMOPtions.txt file. The tmsigservice.jar file is located in the siteminder\bin\jars directory below where the policy server is installed.