[IdP] Error after updating IdP to version 3.5.3

Forge Component
(26)
Published on 4 Jul by Telmo Martins
26 votes

Hi Telmo, we have updated today to the latest version available and now SSO is not working; everything is set up as it was before, same parameters under the Configuration tab. Any idea on what could be wrong?

Thanks in advance,

P.S.: I uploaded an attachment.

Hi Juan,

The AuthnMessage seems ok, as it is the same as in the previous version (since you had not activated setting Destination and ACS on it).

Can you specify what is not working?

Regards

[Attachments: Configuration, Configuration 2]

Hi Juan,

From the captured image, the error is on the IdP server side, so it seems that it did not accept that Authn message for some reason. In the message log, you should have the 'old' messages from before the upgrade for the Authn Requests; can you compare them with the new ones to check whether the Issuer is the same on them?

Regards

This is the old SAML message:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id_t20_1c572a1f5c21474cbc91f908674c0f09"
    Version="2.0" IssueInstant="2018-07-16T15:10:58.9991947Z">
  <saml2:Issuer>https://exxonmobil-tst.outsystemsenterprise.com/IdP/SSO.aspx</saml2:Issuer>
</saml2p:AuthnRequest>

This is the new one:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id_t20_cfa212ccd7a948c4889d51db143a6f45"
    Version="2.0" IssueInstant="2018-07-16T15:02:55.2256536Z"
    Destination="https://quartz.exxonmobil.com/adfs/ls/">
  <saml2:Issuer>http://exxonmobil-dev.outsystemsenterprise.com/IdP/SSO.aspx</saml2:Issuer>
</saml2p:AuthnRequest>

Hi Juan,

There it is. You have the wrong SP issuer configured. It should be https:// and not http://.

It's on the second tab under SP Issuer / Entity ID.

Before it was: https://exxonmobil-tst.outsystemsenterprise.com/IdP/SSO.aspx

Now it is: http://exxonmobil-dev.outsystemsenterprise.com/IdP/SSO.aspx


Regards
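The check Telmo describes above, parsing the AuthnRequest and comparing its Issuer (and Destination, when the request carries one) with what the IdP side has registered, can be scripted so that the mismatch is spotted before anyone reads raw XML. The following is an added example written for this thread; it is not code from the IdP Forge component, and the sample requests and hostnames in it are constructed placeholders rather than the messages posted above.

```python
# Added example (not part of the IdP Forge component or this thread):
# parse a SAML 2.0 AuthnRequest and compare its Issuer (and Destination, if
# present) with the SP Entity ID and IdP endpoint the IdP is configured with.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def parse_authn_request(xml_text):
    """Return the fields of an AuthnRequest that an IdP validates first."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a saml2p:AuthnRequest element: %s" % root.tag)
    issuer_el = root.find("saml:Issuer", NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    return {
        "id": root.get("ID"),
        "issue_instant": root.get("IssueInstant"),
        "destination": root.get("Destination"),
        "issuer": issuer,
    }


def check_authn_request(xml_text, expected_issuer, expected_destination=None):
    """Return a list of findings; an empty list means the request matches the configuration.

    The comparison is exact, because an IdP matches the Issuer string against the
    registered Entity ID literally; the scheme/host breakdown only makes the
    finding easier to read.
    """
    req = parse_authn_request(xml_text)
    findings = []
    issuer = req["issuer"]
    if issuer is None:
        findings.append("missing saml2:Issuer")
    elif issuer != expected_issuer:
        got, want = urlsplit(issuer), urlsplit(expected_issuer)
        if (got.netloc, got.path) == (want.netloc, want.path) and got.scheme != want.scheme:
            findings.append("Issuer scheme mismatch: got %s, expected %s" % (got.scheme, want.scheme))
        elif got.netloc != want.netloc:
            findings.append("Issuer host mismatch: got %s, expected %s" % (got.netloc, want.netloc))
        else:
            findings.append("Issuer mismatch: got %r, expected %r" % (issuer, expected_issuer))
    # Destination is optional in an AuthnRequest; only compare it when both sides have one.
    if (expected_destination is not None and req["destination"] is not None
            and req["destination"] != expected_destination):
        findings.append("Destination mismatch: got %r, expected %r"
                        % (req["destination"], expected_destination))
    return findings


# Constructed sample requests modelled on the shape of the messages in the thread
# (hostnames and IDs are placeholders, not the real ones).
EXPECTED_ISSUER = "https://sp.example.com/IdP/SSO.aspx"
EXPECTED_DESTINATION = "https://idp.example.com/adfs/ls/"

OLD_REQUEST = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id_example_old"
    Version="2.0" IssueInstant="2018-07-16T15:10:58Z">
  <saml2:Issuer>https://sp.example.com/IdP/SSO.aspx</saml2:Issuer>
</saml2p:AuthnRequest>"""

NEW_REQUEST = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id_example_new"
    Version="2.0" IssueInstant="2018-07-16T15:02:55Z"
    Destination="https://idp.example.com/adfs/ls/">
  <saml2:Issuer>http://sp.example.com/IdP/SSO.aspx</saml2:Issuer>
</saml2p:AuthnRequest>"""

if __name__ == "__main__":
    for label, req in (("old", OLD_REQUEST), ("new", NEW_REQUEST)):
        print(label, check_authn_request(req, EXPECTED_ISSUER, EXPECTED_DESTINATION) or "OK")
```

Run against the old and new requests, the old one produces no findings and the new one reports only the scheme difference in the Issuer, which is exactly the http:// versus https:// mismatch diagnosed above. Paste the AuthnRequest from the component's message log into `NEW_REQUEST` and the SP Issuer / Entity ID from the configuration tab into `EXPECTED_ISSUER` to repeat the check on a real deployment.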

Hi Telmo, thanks for your quick reply. Now I'm getting the following error message:


Error processing response. Error occurred while decoding OAEP padding.

Hi Juan,

Kindly share the Service Center detailed error message, but it seems that it may be while decrypting the assertion that the keystore on the configuration's second tab is not correctly configured, or at least it's related to it.

Regards

Sure, I just attached the logs.

Thanks,

Hi Juan,

That's related to decryption, which is failing. For further analysis I would need the whole SAML response XML as well as the configured keystore (that contains the private key...) and the respective password.

Regards

Solution

Hi Telmo - thanks for all your help. I was able to fix the issue by uploading the previous Keystore (the one generated before upgrading IdP). I found that keystore saved on my machine; I uploaded that file and it's working properly again.

Thanks,
