IDP Error in getting configuration data during SAML transaction

Document ID : KB000111829
Last Modified Date : 21/08/2018
Show Technical Document Details
Issue:
As IDP, in our 12.7 SP2 Policy Server, SAML transactions are failing. We see an exception thrown in the smps log -

[3630/139941835171584][Mon Aug 20 2018 14:39:44][AssertionGenerator.java][ERROR][sm-FedServer-00050] Error in getting configuration data. Leaving Assertion Generator Framework.nStack Trace:njava.lang.Exception: The Federation Web Service didn't send the request with a correct resource! Internal Exception: 
java.lang.IllegalArgumentException: Input byte array has wrong 4-byte ending unit 
at java.util.Base64$Decoder.decode0(Base64.java:704) 
at java.util.Base64$Decoder.decode(Base64.java:526) 
at java.util.Base64$Decoder.decode(Base64.java:549) 
at com.netegrity.assertiongenerator.saml2.AuthnRequestProtocol.init(Unknown Source) 
at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) 
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) 
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282) 

at com.netegrity.assertiongenerator.saml2.AssertionHandlerSAML20.getConfig(Unknown Source) 
at com.netegrity.assertiongenerator.AssertionGenerator.invoke(Unknown Source) 
at com.netegrity.policyserver.smapi.ActiveExpressionContext.invoke(ActiveExpressionContext.java:282)
Environment:
12.7 SP2 Policy Server
RHEL 6
12.8 Access Gateway
Resolution:
This is a known issue in certain SAML use cases. A fix has been developed and tested. Please contact Support for verification regarding this defect, DE380366, and access to a new assertiongenerator.jar.