Access Manager "Saml1 SOAP request error: element [saml:AttributeValue: null] missing required text content"

  • 3400980
  • 25-Mar-2008
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Novell Identity Server
Novell Access Management 3 Support Pack 2 applied
SAML 1.1 integration with Netegrity
Netegrity SAML server generating assertions (acting as SAML Identity provider)
Access Manager consuming assertions (acting as SAML service provider)

Situation

Project setup integrating Netegrity and NAM with SAML 1.0 using artifacts. The majority of the setup works, but the customer encounters an error when an AttributeStatement is sent with nested elements. With name/value pairs using standard single-valued strings, such as name/neil or role/manager, everything works. When the attribute value includes nested XML data with tags (using a < character, for example), the Access Manager service provider throws an exception, with the following error visible in the catalina.out file:

"Saml1 SOAP request error: element [saml:AttributeValue: null] missing required text content"

We throw this exception when we cannot dereference the value in the assertion. The sample AttributeStatement causing the issue at this particular site involves a hierarchy of XML data in the value section:

AttributeName="SMContent"
AttributeNamespace="http://www.netegrity.com/SiteMinder"
xmlns:SM="http://www.netegrity.com/SiteMinder"

xpUz+BF8nRH84ouFQpgWJMyDdOk=
1125388975
3600
7200
30

140013012319
140013012319

header:SecurityLevel=H
header:Culture=nb_NOBheader:ssn=22222222222
header:cn=cnn60509094714

Resolution

Modify the Netegrity configuration to generate simple content. The default Access Manager implementation, like many others in this space, supports only simple content models, not the nested approach used by Netegrity in the above example.
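
To find which attributes an identity provider sends with nested content before the service provider rejects them, a captured AttributeStatement can be checked offline. The following is an added example, not Novell or Netegrity code. It assumes a consumer that accepts only text-only AttributeValue elements, and the sample XML, including the SM:Example and SM:Level element names, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0/1.1 assertions
ATTR = f"{{{SAML1_NS}}}Attribute"
VALUE = f"{{{SAML1_NS}}}AttributeValue"

# Constructed sample: one simple-content attribute, one with nested XML.
# SM:Example / SM:Level are hypothetical names, not Netegrity's real schema.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
    <saml:AttributeValue>manager</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="SMContent"
                  AttributeNamespace="http://www.netegrity.com/SiteMinder">
    <saml:AttributeValue>
      <SM:Example xmlns:SM="http://www.netegrity.com/SiteMinder">
        <SM:Level>H</SM:Level>
      </SM:Example>
    </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def classify_attribute_values(xml_text):
    """Return (AttributeName, verdict) per AttributeValue:
    'simple' = text only, 'nested' = child elements, 'empty' = neither."""
    # ElementTree is adequate for a locally captured sample; use a hardened
    # parser for XML that comes straight off the wire.
    root = ET.fromstring(xml_text)
    results = []
    for attr in root.iter(ATTR):
        for value in attr.findall(VALUE):
            if len(value) > 0:                    # has child elements
                verdict = "nested"
            elif (value.text or "").strip():      # has real text content
                verdict = "simple"
            else:
                verdict = "empty"
            results.append((attr.get("AttributeName"), verdict))
    return results

def unsupported_attributes(xml_text):
    """Attribute names a simple-content-only consumer would fail on."""
    return [n for n, v in classify_attribute_values(xml_text) if v != "simple"]
```

Any name returned by `unsupported_attributes` is a candidate for the identity provider configuration change described in the resolution.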