000023142 - A Response sent to FIM 3.0 fails if Consent is not specified

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023142
Applies ToFederated Identity Management Module 3.0
Microsoft Windows 2003 Server
Solaris 9.0 (SPARC)
Red Hat Enterprise Linux 3.0 (ES, x86)
IssueA Response sent to FIM 3.0 fails if Consent is not specified
Error message: Exception encountered at the top-level of the profile bean: null
Error stack trace: com.rsa.fim.profile.sso.SSOProfileException: Exception
encountered at the top-level of the profile bean: null
      at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:2755)
      at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:46)
      at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)
Cause

When FIM 3.0 sends a SAML response it always includes an attribute value for Consent even when the default of "urn:oasis:names:tc:SAML:2.0:consent:unspecified" is being used.  Where the default is used it is not required to send as value and the recipient should always assume "urn:oasis:names:tc:SAML:2.0:consent:unspecified".

You can see the consent attribute value in the SAML response which looks like this:

             <samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" .........

FIM 3.0 has a number of traps to monitor and assume the default value but was missing it in one part of the code.

Resolution

A patch has been produced to correct this situation and can be obtained from RSA Customer Support as reference FIM30-20-FT106-B43422-B43282-1.zip (please quote solution a32382 if asking for this fix as this will assist us in supplying the patch as fast as possible to you).

This patch includes installation instructions which involves undeploying, modifying and redeploying the FIM 3.0 application.

NotesThis patch may be found at http://library-sm.na.rsa.net/kits/fim/ce/FIM-HotFix-Summary.htm
Legacy Article IDa32382

Attachments

    Outcomes