SSL VPN
Reply
sst
Visitor
sst
Posts: 6
Registered: ‎11-12-2009
0

SAML saml-server process crashing

Hi,

 

We have configured multiple SAML servers on our SA6500, to allow the users of different partners log in with their own credentials.

 

In version 6.4R4, users are able to log in fine, but about 2 times daily, we get the following log message, indicating that the 'saml-server' process has crashed :

- Trace Info : * assertion in assert.cc:368, void DSLogSignalHandler(int), SIGSEGV, 11 frames /lib/tls/libc.so.6 [0x2687c8e8] /home/builds/bld14951/install/bin/saml-server [0x807d79a]

 

We didn't pay much attention to this at first, but things got worse :

After upgrading (*) to newer releases, this log message starts showing every 2 minutes, while users start complaining they are not always able to log in on the first try.

 

 

Are there other SAML users that are seeing these 'saml-server' crashes in their logs or have been able to get rid of them ?

 

 

Thanks!

Yves.

 

(*) we tried about every newer release that became available during the past 5 months, without success - we were forced to roll-back to 6.4R4 every time.

Moderator
cbarcellos
Posts: 198
Registered: ‎07-11-2008
0

Re: SAML saml-server process crashing

Hi sst,

 

You'll want to open a case with JTAC for this issue. Our developers will need to look into why you're experiencing this issue.

 

Thanks.

drf
Contributor
drf
Posts: 46
Registered: ‎09-23-2008

Re: SAML saml-server process crashing

We had a similar issue and the cause was the way the SAML server (Ping Identity) output the XML in the SAML assertion. It was sending AttributeValues that were NULL and sent them like below. This caused the IVE to generate an error in the event log. I suggest you open an case with JTAC and get the contents of the SAML assertions that are being sent from your SAML server if you can.

 

 

<saml:AttributeValue/>
sst
Visitor
sst
Posts: 6
Registered: ‎11-12-2009
0

Re: SAML saml-server process crashing

[ Edited ]

Hi cbarcellos,

 

Thank you for your follow-up!

 

We logged the case with JTAC (through our reseller) some months ago (number 2010-0107-0220), and tried various changes since (disabling ssl acceleration, rebooting 2 times after upgrading, failover to the other node, changing to SAML POST,...), but to no avail.

 

An extra issue is that we cannot reproduce the problem on our SA2500 test setup, which means every try-out has a huge  impact on our users and thus has to wait for the next maintenance window, and it also means we cannot trim-down the configuration to exclude various settings.

 

Yves.

sst
Visitor
sst
Posts: 6
Registered: ‎11-12-2009
0

Re: SAML saml-server process crashing

Hi drf,

 

Thank you for this suggestion!

 

With some luck this could allow us to reproduce the problem in our test environment.

I'll have a talk with our SAML experts & keep you informed.

 

Yves.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.