Layer7 Access Management


SAML response sent without certificate

  • 1.  SAML response sent without certificate

    Posted 04-19-2019 01:02 AM

    Hi,

     

    I recently upgraded my infra to 12.8, post which I am facing an issue wherein the SAML response being sent to the SP ACS URL does not contain a certificate, even though the configuration done in the Admin UI has a certificate mapped with it and is set to Sign Assertion.

    Please find below the logs from FWSTrace:

     

    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][doGet][Query String: SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestData][AuthnRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" Version="2.0" IssueInstant="2019-04-19T03:56:35.927Z" Destination="https://fssacc.ericsson.se/affwebservices/public/saml2sso?SPID=RSSO_IT_ACC_IDP" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">RSSO_IT_ACC_IDP</saml:Issuer> <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/> </samlp:AuthnRequest>]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestDataCommon][RequestID: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestDataCommon][RequestID _96e6ec53-272c-4df5-8b5c-3301110ba3dd maps to TransactionID: 1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441.]
    [04/19/2019][03:56:36][28478][89811824][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:36][28478][89811824][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Trying to fetch SAML2.0 SP Configuration from cache [CHECKPOINT = SAML2_SPCONFFROMCACHE_REQ]]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Provider ID: RSSO_IT_ACC_IDP.]
    [04/19/2019][03:56:36][28478][89811824][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:36][28478][89811824][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 0, ]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Provider Info: {EncryptAssertion=0, AcceptIncomingAcsUrl=0, AssertionConsumerSvcURL_0=0|HTTP-Post|https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver, IdPSourceID=64a79c46cbfb29af004455e03fd2db9be2eab1c1, ReuseSessionIndex=0, GUIDCookieValidityDuration=180, TargetOpenCookieEncPassword=<Value not shown>, IsActive=1, MniRequireEncryptedNameID=0, HidingMask=1, PartnershipSource=3, EnableAuthnRequestRedirect=1, BackChannelAuthType=2, Domain=@03-2f3e87c8-6a11-4aab-849f-aa6d38c15799, SLOServiceValidityDuration=60, UnauthorizedAccessRedirectMode=0, KEY_SPID=RSSO_IT_ACC_IDP, EnableSLOSOAPBinding=0, AttrSvcValidityDuration=60, ArtifactEncoding=URL, EnableSSOPostBinding=1, EnableServerErrorURL=0, Policy=@04-0b21126c-d5e1-457e-8294-b26b7911e602, AssertionConsumerSvcRowCount=1, RequireSignedArtifactResolve=0, MniSignRequest=0, AttrSvcEnableProxiedQuery=0, EnableIPD=0, Password=<Value not shown>, EncryptionBlockAlgorithm=tripledes, PostSignatureOption=0, CustomTimeout=60, MniRequireSignedResponse=0, SignArtifactResponse=0, EnableAttributeService=1, AllowTransactionType=3, EnableAuthnRequestPost=0, AuthnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:Password, MniSOAPTimeout=60, Realm=@06-6eea2238-a83d-4544-b797-0da747425beb, OutgoingBackChannelAuthType=2, EnableSLORedirectBinding=0, OneTimeUse=0, MniRequireSignedRequest=0, CompareUserDNForSMC=1, DisableSignatureProcessing=0, EnableSMC=0, AssertionConsumerDefaultURL=https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver, MniRetryBoundary=15, MniEnableSOAPBinding=0, MniRetryCount=3, ProvOpenCookieEncPassword=<Value not shown>, EnforceForceAuthnSessionTimeouts=0, NameIdType=1, NameIdAttrName=sAMAccountName, LegacyArtifactProtEnabled=0, AttrSvcPartnershipAAProtEnabled=1, Oid=21-a1b41bd9-9e65-4956-9f8c-97c949c92817, EncryptNameIDForSLOSOAP=0, DelegatedAuthHashSecret=<Value not shown>, 
MniEncryptNameID=0, MniNotificationAuthType=1, MniAllowUserSelfService=0, MniEnableNotification=0, MniEnablePostBinding=0, SAMLMajorVersion=2, DelegatedAuthSecret=<Value not shown>, AttrSvcSignAssertion=0, MniNotifyUserName=*, RequireSignedAuthnRequests=0, OpenCookieEncryptionPassword=<Value not shown>, SessionNotOnOrAfterType=0, MniSignResponse=0, EncryptionKeyAlgorithm=rsa-v15, AllowCreationOfUserIdentifier=0, InvalidRequestRedirectMode=0, UnauthorizedAccessRedirectURL=, OutgoingPassword=<Value not shown>, EnableSSOArtifactBinding=0, SkewTime=30, NameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, ValidityDuration=60, MniDeleteNameID=0, ProxyServer=https://fssacc.ericsson.se, AuthenticationType=1, NetegrityAffiliateMinderAuthURL=https://fssacc.ericsson.se/siteminderagent/redirectjsp/globallogon-se.jsp, PersistentCookie=0, EnableInvalidRequestURL=0, IdPID=https://fssacc.ericsson.com, IncomingPassword=<Value not shown>, EnableNegAuthResp=0, UseStateCookie=1, AuthnContextType=1, ServerErrorRedirectMode=0, InvalidRequestRedirectURL=, AllowOFCAuthnContextOverride=0, MniNotifyPassword=<Value not shown>, AttrSvcRequireSignedQuery=0, EncryptNameID=0, MniEnableRedirectBinding=0, ArtifactSignatureOption=3, SAMLMinorVersion=0, EnableSSOECPProfile=0, IgnoreRequestedAuthnContext=0, SignatureAlgo=1, DSigningAlias=fssacc8privatekey, AssertionConsumerSvcDefaultIndex=0, AuthenticationLevel=5, Name=iotmprsso, AuthnContextRowCount=0, AttrSvcLegacyAAProtEnabled=0, EnableUserConsent=0, MniNotifyTimeout=60, PartnershipArtifactProtEnabled=1, AttrSvcSignResponse=0, EnableUnauthorizedRequestURL=0, UseSecureAuthURL=0, RelayStateOverridesSloConfirm=0, ServerErrorRedirectURL=}]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from policy server for: RSSO_IT_ACC_IDP.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][encryptProviderPasswords][Encrypted password for attribute MniNotifyPassword]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][ProviderID: RSSO_IT_ACC_IDP]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][IsPassive: false]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][ForceAuthn: false]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][isSetAssertionConsumerServiceIndex: false]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][AssertionConsumerServiceIndex: 0]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][RelayState: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][authResult: null]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][determineAssertionConsumerURL][Using AssertionConsumerService: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][AffiliateName: iotmprsso]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][RealmOID: 06-6eea2238-a83d-4544-b797-0da747425beb]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Request to validate the session [CHECKPOINT = SSOSAML2_SESSIONCOOKIEVALIDATE_REQ]]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][getSessionData][Request does not have any cookies.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][isValidSession][No SESSION cookie on request.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Force Authn is disabled.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Current session state is: false]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Current session is not a valid session.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Session cookie does not exists. redirecting to authentication url [CHECKPOINT = SSOSAML2_AUTHENTICATIONURL_REDIRECT]]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service: https://fssacc.ericsson.se/affwebservices/public/saml2sso]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][Not using secure authentication URL.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][SAMLTransactionID af76371d-88124339-881334d2-082d2f27-778e23a2-276 maps to TransactionID: 1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441.]
    [04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][SAML2 Single Sign-On Service redirecting to authentication URL: https://fssacc.ericsson.se/siteminderagent/redirectjsp/globallogon-se.jsp?SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SMPORTALURL=https%3A%2F%2Ffssacc.ericsson.se%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276.]
    [04/19/2019][03:56:39][28478][88922992][][agentcommon][][The Configuration Management thread is calling doManagement()]
    [04/19/2019][03:56:39][28478][88922992][][agentcommon][][There are doManagement messages]
    [04/19/2019][03:56:43][28478][80784240][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:43][28478][80784240][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][SAML2 Single Sign-On Service received GET request.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][doRequestLog][Requesting Host IP: 153.88.244.5 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][Query String: SMASSERTIONREF=QUERY&SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][SAMLTransactionID af76371d-88124339-881334d2-082d2f27-778e23a2-276 maps to TransactionID: 17677402-36c99e08-78776f58-a1288925-ce19fc5e-340.]
    [04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: BIGipServerWAM_ACC_FSS]
    [04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: target]
    [04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: SMSESSION]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestData][AuthnRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" Version="2.0" IssueInstant="2019-04-19T03:56:35.927Z" Destination="https://fssacc.ericsson.se/affwebservices/public/saml2sso?SPID=RSSO_IT_ACC_IDP" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">RSSO_IT_ACC_IDP</saml:Issuer> <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/> </samlp:AuthnRequest>]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestDataCommon][RequestID: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestDataCommon][RequestID _96e6ec53-272c-4df5-8b5c-3301110ba3dd maps to TransactionID: 17677402-36c99e08-78776f58-a1288925-ce19fc5e-340.]
    [04/19/2019][03:56:43][28478][80784240][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:43][28478][80784240][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Trying to fetch SAML2.0 SP Configuration from cache [CHECKPOINT = SAML2_SPCONFFROMCACHE_REQ]]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][ProviderID: RSSO_IT_ACC_IDP]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][IsPassive: false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][ForceAuthn: false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][isSetAssertionConsumerServiceIndex: false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][AssertionConsumerServiceIndex: 0]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][RelayState: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][authResult: null]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][determineAssertionConsumerURL][Using AssertionConsumerService: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][AffiliateName: iotmprsso]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][RealmOID: 06-6eea2238-a83d-4544-b797-0da747425beb]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Request to validate the session [CHECKPOINT = SSOSAML2_SESSIONCOOKIEVALIDATE_REQ]]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Found SESSION cookie: SMSESSION]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Trying to validate using SMSESSION cookie.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Session ID is: Y3XAeDqGJwow6D7qeBDVz4rYwSo=]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Session Spec is: stiwGd3Ywe6jTX0GTmyHICI63PQo1IY8ghN1uCpOrG+Vk/56YJAWTxplBwD2n5T05Ytvjpg6PVnX9XxgBXrtnwUmLIht3jo8M0uAzVxxz5kqnqzIPm5aCzYV9yhNrR71wxKfZhcnxphQFIisM+TAFYK+W+CKIQmM7RbG5gHFzw4mVw0bQbEDFpJiPTNuT+FiSw9x7n+Ag5rpT3+ajIR6MfBXc/Sp1X7UNEh3FfCmQDAklY9o7HCmMsU9atu4QOtoFDB1qWfaWZcDAAy3urfDwYUd85VnQIG2HwW1iy0A+0n7Jd5Z8bDyz15siyv7vRlT/ksVXaxEVi36QiGS3ZEvE8Zqnkp29FynmL6o1alvlbhHIcWRuvEH2wFxiMU+w50y8i0RgZr6EDUtTPjItkyDU1yGU3wh1dAB3KDTjWmq6vvJziGMoCaWEykjwPhlK5Mwm8c6X3346Rk9LDKU8bZ6LuFldfswhQ1z]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isSessionIdle][Verifying validity of session cookie [SMSESSION] retrieved]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isSessionIdle][returning false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Calling login to validate SMSESSION cookie data.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Result of login call is: 1.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Request has valid SMSESSION cookie.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Force Authn is disabled.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Current session state is: true]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processApplicationRedirect][No application URL defined - not redirecting.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service: https://fssacc.ericsson.se/affwebservices/public/saml2sso]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getACSURLFromSSORequestContext][Using the Assertion Consumer Service URL provided: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Enforce Force Authn Timeouts is set to: false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][resource is: /SMASSERTIONREF=QUERY&SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276&SSOUrl=https://fssacc.ericsson.se/affwebservices/public/saml2sso&Oid=21-a1b41bd9-9e65-4956-9f8c-97c949c92817]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][resolved variable list is: <RVARS><Var name="ConsumerURL" rtype="3"><![CDATA[https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]]></Var><Var name="FederationAPIVersion" rtype="2"><![CDATA[1]]></Var></RVARS>]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Calling authorizeEx to invoke SAML2 assertion generator.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Request to policy server for generating saml2 assertion/artifact based on selected profile. [CHECKPOINT = SSOSAML2_GENERATEASSERTIONORARTIFACT_REQ]]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Transient IP check: false]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Result of authorizeEx call is: 1.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Received the assertion/artifact response based on profile selected. [CHECKPOINT = SSOSAML2_RECEIVEDASSERTION_RSP]]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Not enforcing ForceAuthnTimeouts.]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=<Response Destination="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver" ID="_252e5f770755be23d3a6741c951a092522f6" InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://fssacc.ericsson.com</ns1:Issuer>
    <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </Status>
    <ns2:Assertion ID="_22e1f8c94c310c95d7a5da42ecfc9bbe067e" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
    <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://fssacc.ericsson.com</ns2:Issuer>
    <ns2:Subject>
    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">EADDGHK</ns2:NameID>
    <ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <ns2:SubjectConfirmationData InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" NotOnOrAfter="2019-04-19T03:58:11Z" Recipient="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"/>
    </ns2:SubjectConfirmation>
    </ns2:Subject>
    <ns2:Conditions NotBefore="2019-04-19T03:56:11Z" NotOnOrAfter="2019-04-19T03:58:11Z">
    <ns2:AudienceRestriction>
    <ns2:Audience>RSSO_IT_ACC_IDP</ns2:Audience>
    </ns2:AudienceRestriction>
    </ns2:Conditions>
    <ns2:AuthnStatement AuthnInstant="2019-04-19T03:56:41Z" SessionIndex="Y3XAeDqGJwow6D7qeBDVz4rYwSo=lWfR9Q==" SessionNotOnOrAfter="2019-04-19T03:58:11Z">
    <ns2:AuthnContext>
    <ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
    </ns2:AuthnContext>
    </ns2:AuthnStatement>
    <ns2:AttributeStatement>
    <ns2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <ns2:AttributeValue>pankaj.o.sharma@ericsson.com</ns2:AttributeValue>
    </ns2:Attribute>
    </ns2:AttributeStatement>
    </ns2:Assertion>
    </Response>
    .]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getACSURLFromSSORequestContext][Using the Assertion Consumer Service URL provided: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][AssertionConsumerURL: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][SAML2 Single Sign-On Service sending SAML Response: <Response Destination="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver" ID="_252e5f770755be23d3a6741c951a092522f6" InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://fssacc.ericsson.com</ns1:Issuer>
    <Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </Status>
    <ns2:Assertion ID="_22e1f8c94c310c95d7a5da42ecfc9bbe067e" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
    <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://fssacc.ericsson.com</ns2:Issuer>
    <ns2:Subject>
    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">EADDGHK</ns2:NameID>
    <ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <ns2:SubjectConfirmationData InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" NotOnOrAfter="2019-04-19T03:58:11Z" Recipient="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"/>
    </ns2:SubjectConfirmation>
    </ns2:Subject>
    <ns2:Conditions NotBefore="2019-04-19T03:56:11Z" NotOnOrAfter="2019-04-19T03:58:11Z">
    <ns2:AudienceRestriction>
    <ns2:Audience>RSSO_IT_ACC_IDP</ns2:Audience>
    </ns2:AudienceRestriction>
    </ns2:Conditions>
    <ns2:AuthnStatement AuthnInstant="2019-04-19T03:56:41Z" SessionIndex="Y3XAeDqGJwow6D7qeBDVz4rYwSo=lWfR9Q==" SessionNotOnOrAfter="2019-04-19T03:58:11Z">
    <ns2:AuthnContext>
    <ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
    </ns2:AuthnContext>
    </ns2:AuthnStatement>
    <ns2:AttributeStatement>
    <ns2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <ns2:AttributeValue>pankaj.o.sharma@ericsson.com</ns2:AttributeValue>
    </ns2:Attribute>
    </ns2:AttributeStatement>
    </ns2:Assertion>
    </Response>
    .]
    [04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][SAML2 Single Sign-On Service sending base64 SAML Response: ]

     

    The same config was working fine in the earlier version.



  • 2.  Re: SAML response sent without certificate

    Posted 04-19-2019 03:49 PM

    Hi PankajSh0,

     

    Perhaps I'm missing something. I don't recall ever seeing the certificate placed in the SAML response before. The certs are always pre-shared during metadata exchange when setting up the partnership. The SP should already have your certs and you should already have the SP's certs, so why do you need to send it again in the SAML response?

     

    regards,

    Zen



  • 3.  Re: SAML response sent without certificate

    Posted 04-22-2019 11:19 PM

    Hi Zen,

     

    In the SAML response generally there is a tag for Signature and X509 Certificate which is missing in my case.

    Yes, the public key of the IDP certificate is shared with SP for making a secure connection which is already done.

    But in this case the SAML response being sent is not getting signed by any certificate and hence the SP is not able to process the response.

     

    Regards,

    Pankaj Sharma
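
To tell apart the two situations discussed in this thread (no `Signature` element at all versus a signed message that simply omits the embedded `X509Certificate`), the following added example, which is not from the thread or the product, inspects a base64 SAML response such as the one FWSTrace logs. The sample responses and their IDs are constructed, and the check is structural only: it does not validate any signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _sig_info(elem):
    """Report on a ds:Signature that is a direct child of elem (presence only)."""
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return {"signed": False, "embedded_cert": False}
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    has_cert = cert is not None and bool((cert.text or "").strip())
    return {"signed": True, "embedded_cert": has_cert}

def inspect_saml_response(b64_response):
    """Decode a base64 SAML Response and report signing at each level."""
    # b64decode skips the line breaks found in wrapped log output.
    # Meant for your own trace logs; parse untrusted XML with defusedxml.
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    return {
        "response": _sig_info(root),
        "assertions": [_sig_info(a) for a in root.findall("saml:Assertion", NS)],
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def _sample(signature_xml=""):
    # Constructed sample shaped like the logged response; all values are placeholders.
    xml = (
        '<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">'
        '<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">'
        '<ns2:Issuer>https://idp.example.test</ns2:Issuer>' + signature_xml +
        '<ns2:Subject><ns2:NameID>user1</ns2:NameID></ns2:Subject>'
        '</ns2:Assertion></Response>'
    )
    return base64.b64encode(xml.encode()).decode()

DS = 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
UNSIGNED = _sample()
SIGNED_NO_CERT = _sample('<ds:Signature %s><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>' % DS)
SIGNED_WITH_CERT = _sample(
    '<ds:Signature %s><ds:SignatureValue>AAAA</ds:SignatureValue><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>' % DS)
```

An SP that holds the IdP certificate from the metadata exchange can accept the `SIGNED_NO_CERT` shape, but it has nothing to verify in the `UNSIGNED` shape.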