000012346 - FIM - ClassCastException with SAML 1.1 Attribute audit logging

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012346
Applies ToRSA Federated Identity Manager 4.x
IssueFIM - ClassCastException with SAML 1.1 Attribute audit logging
The exception stack from System.log:
 
[TrxId: -1081489578], 2010-01-13 23:14:16,159, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCNameIDPlugin.java:121), FIMNC, , , , KWC: storeFederatedID fed name = FIMNC\kcurrey
[TrxId: -1081489578], 2010-01-13 23:14:16,159, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCSessionPlugin.java:103), FIMNC, , , , KWC: begin createLocalAuthentication
[TrxId: -1081489578], 2010-01-13 23:14:16,159, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCSessionPlugin.java:109), FIMNC, , , , KWC: cookiename = TESTSPUSER localname = FIMNC\kcurrey
[TrxId: -1081489578], 2010-01-13 23:14:16,159, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCSessionPlugin.java:118), FIMNC, , , , KWC: end createLocalAuthentication
[TrxId: -1081489578], 2010-01-13 23:14:16,190, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCAttrPluginRP.java:78), FIMNC, , , , KWC DEBUG: processAttrs()
[TrxId: -1081489578], 2010-01-13 23:14:16,190, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCAttrPluginRP.java:101), FIMNC, , , , KWC: data = ;level;platinum
[TrxId: -1081489578], 2010-01-13 23:14:16,190, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (KWCAttrPluginRP.java:71), FIMNC, , , , KWC: creating cookie: FIM_DATA %3Blevel%3Bplatinum .kevin.com /
[TrxId: -1081489578], 2010-01-13 23:14:16,190, [ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', (SSOHelper.java:632), FIMNC, , , , SSO top-level profile exception: , java.lang.ClassCastException: com.rsa.fim.saml11.SAMLAttribute
 at com.rsa.fim.profile.util.AuditHelper.makeAttributesAuditString(AuditHelper.java:262)
 at com.rsa.fim.profile.sso.SSOAuditHelper.makeAttributesAuditString(SSOAuditHelper.java:223)
 at com.rsa.fim.profile.sso.SSOAuditHelper.auditProcessResponse(SSOAuditHelper.java:263)
 at com.rsa.fim.profile.sso.SAML11SSOService.processRelyingPartyMode(SAML11SSOService.java:735)
 at com.rsa.fim.profile.sso.SSOProfileBean.processRelyingPartyMode(SSOProfileBean.java:303)
 at com.rsa.fim.profile.common.FIMProfileBean.processRelyingPartyMode(FIMProfileBean.java:84)
 at com.rsa.fim.profile.common.FIMProfile_mzkd72_EOImpl.processRelyingPartyMode(FIMProfile_mzkd72_EOImpl.java:1237)
 at com.rsa.fim.servlet.sso.SAML11AssertionConsumerServiceServlet.doGet(SAML11AssertionConsumerServiceServlet.java:74)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(Unknown Source)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
CauseThere was an error in the audit logging code for SAML 1.1 when processing attributes in an assertion. 
ResolutionThis problem has been resolved in hotfix HF 23 for FIM 4.0 and HF 23 for FIM 4.1.  Please contact RSA Customer Support and request this hotfix or later as these hotfixes are cumulative.
WorkaroundAudit logging for SAML 1.1 was added in FIM 4.0  Hot fix 20 and FIM 4.1 Hotfix 22
Legacy Article IDa49524

Attachments

    Outcomes