500 Internal error processing a SAML2 AuthnRequest using POST binding

  • 7005367
  • 19-Feb-2010
  • 26-Apr-2012


Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Novell Identity Server


Third party SAML service provider setup to authenticate against an Access Manager Identity server. When the SAML AuthnRequest came into the Identity Server, the server would respond with a 500 Internal Error as shown below:

GET /nidp/saml2/sso?id=1&sid=2&option=credential&sid=2 HTTP/1.1
Host: misiamdevam1.novell.swk:8443
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2)
Gecko/20100115 Firefox/3.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=D776B83165E60EDE54074595A893E929;

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1932
Date: Thu, 18 Feb 2010 14:46:03 GMT
Connection: close
The catalina.out debug logs from the Identity server gave no reason for the error.


Enable the 'show card' attribute on the default AUthentication contract.

All contracts defined on the Identity Server had the show card option disabled. Since all incoming requests were from an Access Gateway that specifically referenced a contract, there were no issues seen executing it. With SAML, the service provider did not define any authentication type, so we had to execute the default contract. Before doing this the card needs to be displayed and as there were no cards to display, the 500 error was thrown.