SiteMinder Federation products, which use the Web Agent Option Pack, do not support the use of the Cookie Provider for federated configurations.
Symptom:
Back channel processing fails when you use the client certificate option to protect the back channel. The failure impacts all profiles that use the back channel, including HTTP-Artifact single sign-on and SAML 2.0 Single Logout over SOAP.
Failures occur under the following conditions:
Solution:
The following solutions are available:
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
Note: The Apache solution applies only to partnership federation.
The OCSPUpdater used for federation certificate validity checking cannot sign OCSP requests using the SHA-224 algorithm. The updater can only sign with the SHA-256, SHA-384, and SHA-512 algorithms.
Symptom:
You are doing a console mode installation of a SiteMinder product on a Solaris platform. The following error message displays: "Unable to install the Java Virtual Machine included with this installer."
Solution:
Ignore this error message. The error is a third-party issue and it has no functional impact.
Symptom:
On the JBoss 5.1.2 server, system JARs are overriding application-specific JARs, such as those JARs for the Web Agent Option Pack.
Solution:
Prevent the Web Agent Option Pack XML API files from being overwritten by JBOSS system JARs.
Important! This workaround only applies to the supported version of JBOSS 5.1.2.
Add the following filter package in two places in the war-deployers-jboss-beans.xml file:
<property name="filteredPackages">javax.servlet,org.apache.commons.logging,javax.xml.parsers,org.xml.sax,org.w3c.dom</property>
The filter package allows the use of the Web Agent Option Pack XML API files instead of the JBOSS system files.
Follow these steps:
/deployers/jbossweb.deployer/META-INF/
<property name="filteredPackages">javax.servlet,org.apache.commons.logging</property>
<property name="filteredPackages">javax.servlet,org.apache.commons.logging,javax.xml.parsers,org.xml.sax,org.w3c.dom</property>
This entry in the file is on one line.
Add the filter package in both places in the XML file.
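A check for the step above, as an added example that is not part of the original documentation: it parses the contents of war-deployers-jboss-beans.xml and reports, for each filteredPackages property, which of the required packages are missing. The sample XML and its bean and class names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Packages the page says must be filtered so that the Web Agent Option Pack
# XML API files are used instead of the JBOSS system JARs.
REQUIRED = ["javax.servlet", "org.apache.commons.logging",
            "javax.xml.parsers", "org.xml.sax", "org.w3c.dom"]

def check_filtered_packages(xml_text):
    """Return one (bean_name, missing_packages) tuple per filteredPackages
    property in the document, in document order."""
    root = ET.fromstring(xml_text)
    results = []
    for parent in root.iter():
        for child in parent:
            # Compare local names so a default XML namespace does not matter.
            if child.tag.rsplit("}", 1)[-1] != "property":
                continue
            if child.get("name") != "filteredPackages":
                continue
            # Split strictly on commas. An entry wrapped across lines leaves
            # whitespace inside a package name, which then fails to match
            # and is reported as missing.
            present = {tok.strip() for tok in (child.text or "").split(",")}
            missing = [pkg for pkg in REQUIRED if pkg not in present]
            results.append((parent.get("name", "?"), missing))
    return results

# Constructed sample: the first entry is updated, the second still has the
# original value. Bean and class names are placeholders.
SAMPLE = """<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <bean name="ExampleDeployerA" class="example.DeployerA">
    <property name="filteredPackages">javax.servlet,org.apache.commons.logging,javax.xml.parsers,org.xml.sax,org.w3c.dom</property>
  </bean>
  <bean name="ExampleDeployerB" class="example.DeployerB">
    <property name="filteredPackages">javax.servlet,org.apache.commons.logging</property>
  </bean>
</deployment>"""

if __name__ == "__main__":
    # Pass the path to war-deployers-jboss-beans.xml, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    for bean, missing in check_filtered_packages(text):
        status = "OK" if not missing else "missing " + ",".join(missing)
        print(f"{bean}: {status}")
```

An empty result list means the file contains no filteredPackages property at all, which is also worth investigating.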
Symptom:
A federation transaction is failing at the asserting party when the federation web services application is deployed on a JBOSS server, version 5.1.0 and higher. An error message indicates one of the following conditions:
Solution:
Deploy the affwebservices.war file in an exploded folder under the JBOSS deploy directory.
Follow these steps:
jar cvf affwebservices.war *
JBOSS_home is the installed location of the JBOSS application server.
Note: Be sure that the affwebservices.war file is not in the deploy directory.
http://fqhn:port_number/affwebservices/assertionretriever
fqhn represents the fully qualified host name and port_number specifies the port number of the server where the Federation Web Services application is installed.
SiteMinder legacy and partnership federation do not support directory mapping. The user is tied to the directory they are initially authenticated against. If that directory is not present in the affiliate domain, the authorization fails.
You can install the r12.3 SiteMinder SPS Federation Gateway only in a legacy federation deployment. This release of the gateway is compatible with SiteMinder 12.5.
You cannot use the r12.3 gateway in a 12.5 partnership federation deployment.
Copyright © 2012 CA Technologies.
All rights reserved.