Duet Enterprise errors with SAML Assertion when running CheckConfiguration
During the configuration of the Duet install on the SharePoint server, you run DuetConfig.exe /CheckConfiguration to verify the configuration health and receive the following error:
“Error: The size necessary to buffer the XML content exceeded the buffer quota.”
You may also see the following errors in the ULS log on the SharePoint server:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ServiceModel.QuotaExceededException: The size necessary to buffer the XML content exceeded the buffer quota. Server stack trace:
at System.ServiceModel.Channels.BufferedOutputStream.WriteCore(Byte[] buffer, Int32 offset, Int32 size)
at System.Xml.XmlStreamNodeWriter.FlushBuffer()
at System.Xml.XmlBinaryNodeWriter.FlushBuffer()
at System.Xml.XmlStreamNodeWriter.GetBuffer(Int32 count, Int32& offset)
at System.Xml.XmlBinaryNodeWriter.UnsafeWriteText(Char* chars, Int32 charCount)
at System.Xml.XmlBinaryNodeWriter.WriteText(Char[] chars, Int32 offset, Int32 count)
at System.Xml.XmlBaseWriter.WriteChars(Char[] chars, Int32 offset, Int32 count)
at System.Xml.XmlBinaryWriter.WriteTextNode(XmlDictionaryReader reader, Boolean attribute)
at System.Xml.XmlDictionaryWriter.WriteNode(XmlDictionaryReader reader, Boolean defattr)
at System.ServiceModel.Channels.ReceivedFault.CreateFault12Driver(XmlDictionaryReader reader, Int32 maxBufferSize, EnvelopeVersion version)
at System.ServiceModel.Channels.MessageFault.CreateFault(Message message, Int32 maxBufferSize)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.TryGetSecurityFaultException(Message faultMessage, Exception& faultException)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown
at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at BCSServiceProxy.IWXRead_UserRoles_in.employeeGetAll(employeeGetAllRequest request)
at BCSServiceProxy.WXRead_UserRoles_inClient.BCSServiceProxy.IWXRead_UserRoles_in.employeeGetAll(employeeGetAllRequest request)
at BCSServiceProxy.WXRead_UserRoles_inClient.employeeGetAll(GetAllRequest GetAllRequest) -
-- End of inner exception stack trace ---
at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at Microsoft.SharePoint.BusinessData.SystemSpecific.Wcf.WcfSystemUtility.Execute(Object[] args)
The error we see above in the ULS log is a SharePoint side generated WCF error because the error text that we received from the SAP system is larger than our buffer size. Keep in mind that this is not the real error that we are looking for, this is a generic error that is displayed on the SharePoint server due to the large error being returned by SAP. The real error is found by executing SAP transaction SRT_UTIL, SAP’s Tracing Utilities for Web Services, and looking at the captured information in the payload trace. In this case the following errors were logged:
If you drill down into the Error text from the above exceptions you will see the following, which is the real error that allows us to determine the root cause of this issue.
“CX_SEC_SXML_ERROR:An exception has occurred. An exception occurred:Error in ST program SEC_SAML_ASSERTION_IN when importing XML data. Error in ST program SEC_SAML_ASSERTION_IN when importing XML data. SSFW_KRN_VERIFY failed with: verification failed, see decrypted digest.”
Cause:
The system time on the SharePoint Server and the SAP system are not in sync or in the allotted window of time difference.
Resolution:
Ensure that the SharePoint and SAP systems have their system time in-sync with each other. Additionally, you may also want to verify that the system time for each of the servers is correct for the location of the server and that they are not being set incorrectly to a different timezone/offset.