000013823 - FIM not able to handle authentication cycles taking longer then 5 minutes

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013823
Applies ToFIM 3.1.2
IssueException: " Unable to process the Response message"
User authentication cycle taking longer then 5 minutes
Cause

I has been reported that FIM 3.1.2 has issues handling authentication request that take longer then 5 minutes to complete. If a end user takes longer than this time to provide its credential, the authentication attempt will fail.

On the SP side of things the following stacktrace would appear in FIM's log:

2008-06-20 16:30:04,943, (SSOHelper.java:607), cls-wlg-sa-d2, , , , Unable to process the Response message, com.rsa.fim.exception.ProfileException: The SAML Response issuer is not the same entity to whom the corresponding request was sent
                at com.rsa.fim.profile.util.ProfileHelper.checkResponseIssuer(ProfileHelper.java:1752)
                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1476)
                at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:46)
                at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)

The above mentioned timeout of 5 minutes was hardcoded within FIM and could not be changed.

ResolutionA fix has been provided so that the timeout is now configurable. Please contact customer support and ask for FIM 3.1.2.004. As of this writing this limitation will also be addressed in FIM 4.0 SP1.
Legacy Article IDa40920

Attachments

    Outcomes