|Applies To||Federated Identity Management Module 3.0|
Microsoft Windows 2003 Server
Solaris 9.0 (SPARC)
Red Hat Enterprise Linux 3.0 (ES, x86)
|Issue||A Response sent to FIM 3.0 fails if Consent is not specified|
Error message: Exception encountered at the top-level of the profile bean: null
Error stack trace: com.rsa.fim.profile.sso.SSOProfileException: Exception
encountered at the top-level of the profile bean: null
When FIM 3.0 sends a SAML response it always includes an attribute value for Consent even when the default of "urn:oasis:names:tc:SAML:2.0:consent:unspecified" is being used. Where the default is used it is not required to send as value and the recipient should always assume "urn:oasis:names:tc:SAML:2.0:consent:unspecified".
You can see the consent attribute value in the SAML response which looks like this:
<samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" .........
FIM 3.0 has a number of traps to monitor and assume the default value but was missing it in one part of the code.
A patch has been produced to correct this situation and can be obtained from RSA Customer Support as reference FIM30-20-FT106-B43422-B43282-1.zip (please quote solution a32382 if asking for this fix as this will assist us in supplying the patch as fast as possible to you).
This patch includes installation instructions which involves undeploying, modifying and redeploying the FIM 3.0 application.
|Notes||This patch may be found at http://library-sm.na.rsa.net/kits/fim/ce/FIM-HotFix-Summary.htm|
|Legacy Article ID||a32382|