Symantec Access Management

Hi,

I recently upgraded my infra to 12.8 post which I am facing an issue wherein the SAML response being sent to the SP ACS url does not contain certificate. Even though the configurations done in Admin UI has certificate mapped with it and set as Sign Assertion.

PFB the logs from FWSTrace,

[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][doGet][Query String: SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestData][AuthnRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" Version="2.0" IssueInstant="2019-04-19T03:56:35.927Z" Destination="https://fssacc.ericsson.se/affwebservices/public/saml2sso?SPID=RSSO_IT_ACC_IDP" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">RSSO_IT_ACC_IDP</saml:Issuer> <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/> </samlp:AuthnRequest>]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestDataCommon][RequestID: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getAuthnRequestDataCommon][RequestID _96e6ec53-272c-4df5-8b5c-3301110ba3dd maps to TransactionID: 1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441.]
[04/19/2019][03:56:36][28478][89811824][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:36][28478][89811824][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Trying to fetch SAML2.0 SP Configuration from cache [CHECKPOINT = SAML2_SPCONFFROMCACHE_REQ]]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Provider ID: RSSO_IT_ACC_IDP.]
[04/19/2019][03:56:36][28478][89811824][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:36][28478][89811824][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 0, ]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAMLTunnelClient.java][getServiceProviderInfoByID][Provider Info: {EncryptAssertion=0, AcceptIncomingAcsUrl=0, AssertionConsumerSvcURL_0=0|HTTP-Post|https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver, IdPSourceID=64a79c46cbfb29af004455e03fd2db9be2eab1c1, ReuseSessionIndex=0, GUIDCookieValidityDuration=180, TargetOpenCookieEncPassword=<Value not shown>, IsActive=1, MniRequireEncryptedNameID=0, HidingMask=1, PartnershipSource=3, EnableAuthnRequestRedirect=1, BackChannelAuthType=2, Domain=@03-2f3e87c8-6a11-4aab-849f-aa6d38c15799, SLOServiceValidityDuration=60, UnauthorizedAccessRedirectMode=0, KEY_SPID=RSSO_IT_ACC_IDP, EnableSLOSOAPBinding=0, AttrSvcValidityDuration=60, ArtifactEncoding=URL, EnableSSOPostBinding=1, EnableServerErrorURL=0, Policy=@04-0b21126c-d5e1-457e-8294-b26b7911e602, AssertionConsumerSvcRowCount=1, RequireSignedArtifactResolve=0, MniSignRequest=0, AttrSvcEnableProxiedQuery=0, EnableIPD=0, Password=<Value not shown>, EncryptionBlockAlgorithm=tripledes, PostSignatureOption=0, CustomTimeout=60, MniRequireSignedResponse=0, SignArtifactResponse=0, EnableAttributeService=1, AllowTransactionType=3, EnableAuthnRequestPost=0, AuthnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:Password, MniSOAPTimeout=60, Realm=@06-6eea2238-a83d-4544-b797-0da747425beb, OutgoingBackChannelAuthType=2, EnableSLORedirectBinding=0, OneTimeUse=0, MniRequireSignedRequest=0, CompareUserDNForSMC=1, DisableSignatureProcessing=0, EnableSMC=0, AssertionConsumerDefaultURL=https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver, MniRetryBoundary=15, MniEnableSOAPBinding=0, MniRetryCount=3, ProvOpenCookieEncPassword=<Value not shown>, EnforceForceAuthnSessionTimeouts=0, NameIdType=1, NameIdAttrName=sAMAccountName, LegacyArtifactProtEnabled=0, AttrSvcPartnershipAAProtEnabled=1, Oid=21-a1b41bd9-9e65-4956-9f8c-97c949c92817, EncryptNameIDForSLOSOAP=0, DelegatedAuthHashSecret=<Value not shown>, MniEncryptNameID=0, MniNotificationAuthType=1, MniAllowUserSelfService=0, MniEnableNotification=0, MniEnablePostBinding=0, SAMLMajorVersion=2, DelegatedAuthSecret=<Value not shown>, AttrSvcSignAssertion=0, MniNotifyUserName=*, RequireSignedAuthnRequests=0, OpenCookieEncryptionPassword=<Value not shown>, SessionNotOnOrAfterType=0, MniSignResponse=0, EncryptionKeyAlgorithm=rsa-v15, AllowCreationOfUserIdentifier=0, InvalidRequestRedirectMode=0, UnauthorizedAccessRedirectURL=, OutgoingPassword=<Value not shown>, EnableSSOArtifactBinding=0, SkewTime=30, NameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, ValidityDuration=60, MniDeleteNameID=0, ProxyServer=https://fssacc.ericsson.se, AuthenticationType=1, NetegrityAffiliateMinderAuthURL=https://fssacc.ericsson.se/siteminderagent/redirectjsp/globallogon-se.jsp, PersistentCookie=0, EnableInvalidRequestURL=0, IdPID=https://fssacc.ericsson.com, IncomingPassword=<Value not shown>, EnableNegAuthResp=0, UseStateCookie=1, AuthnContextType=1, ServerErrorRedirectMode=0, InvalidRequestRedirectURL=, AllowOFCAuthnContextOverride=0, MniNotifyPassword=<Value not shown>, AttrSvcRequireSignedQuery=0, EncryptNameID=0, MniEnableRedirectBinding=0, ArtifactSignatureOption=3, SAMLMinorVersion=0, EnableSSOECPProfile=0, IgnoreRequestedAuthnContext=0, SignatureAlgo=1, DSigningAlias=fssacc8privatekey, AssertionConsumerSvcDefaultIndex=0, AuthenticationLevel=5, Name=iotmprsso, AuthnContextRowCount=0, AttrSvcLegacyAAProtEnabled=0, EnableUserConsent=0, MniNotifyTimeout=60, PartnershipArtifactProtEnabled=1, AttrSvcSignResponse=0, EnableUnauthorizedRequestURL=0, UseSecureAuthURL=0, RelayStateOverridesSloConfirm=0, ServerErrorRedirectURL=}]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from policy server for: RSSO_IT_ACC_IDP.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][encryptProviderPasswords][Encrypted password for attribute MniNotifyPassword]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][ProviderID: RSSO_IT_ACC_IDP]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][IsPassive: false]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][ForceAuthn: false]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][isSetAssertionConsumerServiceIndex: false]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][AssertionConsumerServiceIndex: 0]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][RelayState: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][authResult: null]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][determineAssertionConsumerURL][Using AssertionConsumerService: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][AffiliateName: iotmprsso]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][RealmOID: 06-6eea2238-a83d-4544-b797-0da747425beb]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Request to validate the session [CHECKPOINT = SSOSAML2_SESSIONCOOKIEVALIDATE_REQ]]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][getSessionData][Request does not have any cookies.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][FWSBase.java][isValidSession][No SESSION cookie on request.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Force Authn is disabled.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Current session state is: false]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Current session is not a valid session.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processRequest][Session cookie does not exists. redirecting to authentication url [CHECKPOINT = SSOSAML2_AUTHENTICATIONURL_REDIRECT]]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service: https://fssacc.ericsson.se/affwebservices/public/saml2sso]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][Not using secure authentication URL.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][SAMLTransactionID af76371d-88124339-881334d2-082d2f27-778e23a2-276 maps to TransactionID: 1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441.]
[04/19/2019][03:56:36][28478][89811824][1e7385aa-d66b49f5-b1919165-606343ed-a56817d6-441][SSO.java][processAuthentication][SAML2 Single Sign-On Service redirecting to authentication URL: https://fssacc.ericsson.se/siteminderagent/redirectjsp/globallogon-se.jsp?SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SMPORTALURL=https%3A%2F%2Ffssacc.ericsson.se%2Faffwebservices%2Fpublic%2Fsaml2sso&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276.]
[04/19/2019][03:56:39][28478][88922992][][agentcommon][][The Configuration Management thread is calling doManagement()]
[04/19/2019][03:56:39][28478][88922992][][agentcommon][][There are doManagement messages]
[04/19/2019][03:56:43][28478][80784240][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:43][28478][80784240][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][SAML2 Single Sign-On Service received GET request.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][doRequestLog][Requesting Host IP: 153.88.244.5 Request protocol: HTTP/1.1 Request was secure: false Authentication type: null]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][Query String: SMASSERTIONREF=QUERY&SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][doGet][SAMLTransactionID af76371d-88124339-881334d2-082d2f27-778e23a2-276 maps to TransactionID: 17677402-36c99e08-78776f58-a1288925-ce19fc5e-340.]
[04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: BIGipServerWAM_ACC_FSS]
[04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: target]
[04/19/2019][03:56:43][28478][80784240][][DelegatedAuthHelper][getCookie][Cookie Name: SMSESSION]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestData][AuthnRequest: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" Version="2.0" IssueInstant="2019-04-19T03:56:35.927Z" Destination="https://fssacc.ericsson.se/affwebservices/public/saml2sso?SPID=RSSO_IT_ACC_IDP" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">RSSO_IT_ACC_IDP</saml:Issuer> <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/> </samlp:AuthnRequest>]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestDataCommon][RequestID: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getAuthnRequestDataCommon][RequestID _96e6ec53-272c-4df5-8b5c-3301110ba3dd maps to TransactionID: 17677402-36c99e08-78776f58-a1288925-ce19fc5e-340.]
[04/19/2019][03:56:43][28478][80784240][][agentcommon][][Requesting data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:43][28478][80784240][][agentcommon][][Administration Manager is returning data for ConfigManager ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf and SmAgentConfig ID /opt/app/CA/secure-proxy/sps1/secure-proxy/proxy-engine/conf/defaultagent/WebAgent.conf]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Reading SAML 2.0 SP Configuration [CHECKPOINT = SSOSAML2_SPCONFREAD_REQ]]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Trying to fetch SAML2.0 SP Configuration from cache [CHECKPOINT = SAML2_SPCONFFROMCACHE_REQ]]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SAML2Base.java][getServiceProviderInfo][Obtained service provider information from cache for: RSSO_IT_ACC_IDP.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][ProviderID: RSSO_IT_ACC_IDP]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][IsPassive: false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][ForceAuthn: false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][isSetAssertionConsumerServiceIndex: false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][AssertionConsumerServiceIndex: 0]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][RelayState: _96e6ec53-272c-4df5-8b5c-3301110ba3dd]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][authResult: null]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][determineAssertionConsumerURL][Using AssertionConsumerService: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][AffiliateName: iotmprsso]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][RealmOID: 06-6eea2238-a83d-4544-b797-0da747425beb]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Request to validate the session [CHECKPOINT = SSOSAML2_SESSIONCOOKIEVALIDATE_REQ]]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Checking for valid SESSION cookies.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Found SESSION cookie: SMSESSION]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Trying to validate using SMSESSION cookie.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Session ID is: Y3XAeDqGJwow6D7qeBDVz4rYwSo=]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Session Spec is: stiwGd3Ywe6jTX0GTmyHICI63PQo1IY8ghN1uCpOrG+Vk/56YJAWTxplBwD2n5T05Ytvjpg6PVnX9XxgBXrtnwUmLIht3jo8M0uAzVxxz5kqnqzIPm5aCzYV9yhNrR71wxKfZhcnxphQFIisM+TAFYK+W+CKIQmM7RbG5gHFzw4mVw0bQbEDFpJiPTNuT+FiSw9x7n+Ag5rpT3+ajIR6MfBXc/Sp1X7UNEh3FfCmQDAklY9o7HCmMsU9atu4QOtoFDB1qWfaWZcDAAy3urfDwYUd85VnQIG2HwW1iy0A+0n7Jd5Z8bDyz15siyv7vRlT/ksVXaxEVi36QiGS3ZEvE8Zqnkp29FynmL6o1alvlbhHIcWRuvEH2wFxiMU+w50y8i0RgZr6EDUtTPjItkyDU1yGU3wh1dAB3KDTjWmq6vvJziGMoCaWEykjwPhlK5Mwm8c6X3346Rk9LDKU8bZ6LuFldfswhQ1z]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isSessionIdle][Verifying validity of session cookie [SMSESSION] retrieved]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isSessionIdle][returning false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Calling login to validate SMSESSION cookie data.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Result of login call is: 1.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][FWSBase.java][isValidSession][Request has valid SMSESSION cookie.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Force Authn is disabled.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processRequest][Current session state is: true]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processApplicationRedirect][No application URL defined - not redirecting.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getLocalServiceURL][Enter getLocalServiceURL]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getLocalServiceURL][Using Proxy URL for local SSO service: https://fssacc.ericsson.se/affwebservices/public/saml2sso]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getACSURLFromSSORequestContext][Using the Assertion Consumer Service URL provided: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Enforce Force Authn Timeouts is set to: false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][resource is: /SMASSERTIONREF=QUERY&SPID=RSSO_IT_ACC_IDP&SAMLRequest=nVLLbtswEPwVgXfqGTk1YTtQbBQVkDaCpebQi0FRq4aARKpcKm7%2FvpScNo86OXSPu4PZmdldIe%2B7gWWjvVd7%2BDECWu9n3ylk82BNRqOY5iiRKd4DMitYmX2%2BYbEfssFoq4XuiJfv1uSwXMACRJrQ%2BDIW9KJpU%2FqhTgVNkjCKorDmSdMQ7w4MSq3WxDEQ70zliCPkCi1X1qHCaEnDCxotqzBh6YIlqb%2BML78Rb%2Be0SsXtTHZv7YAsCFpELoQPRgpErXyEgLftEWoE8yAFYDCMdSdFMNmLHeSqLJz4fVneHvLqkG23h3xXEO%2BjNgLmVNak5R2C84gFR5QP8LdzporHSK6laqT6%2Fn5%2B9QmE7FNVFbS4LauznBk68ZPNrVY49mDKk5ev%2B5sn49I639Q4Rz6ij8cXEUztwIAAp96QzUS6mgJgc9bm2cXfF8z%2FKCGbV4mtgmd8TwsG9sWRuLl2mf%2F6n89yh%2Bi5fRsd%2BdHckQ1tZygbFQ4gZCvBfVvWdfq4NcCtO5s1I5DgpC749%2FE3vwE%3D&RelayState=_96e6ec53-272c-4df5-8b5c-3301110ba3dd&SAMLTRANSACTIONID=af76371d-88124339-881334d2-082d2f27-778e23a2-276&SSOUrl=https://fssacc.ericsson.se/affwebservices/public/saml2sso&Oid=21-a1b41bd9-9e65-4956-9f8c-97c949c92817]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][resolved variable list is: <RVARS><Var name="ConsumerURL" rtype="3"><![CDATA[https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]]></Var><Var name="FederationAPIVersion" rtype="2"><![CDATA[1]]></Var></RVARS>]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Calling authorizeEx to invoke SAML2 assertion generator.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Request to policy server for generating saml2 assertion/artifact based on selected profile. [CHECKPOINT = SSOSAML2_GENERATEASSERTIONORARTIFACT_REQ]]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Transient IP check: false]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Result of authorizeEx call is: 1.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Received the assertion/artifact response based on profile selected. [CHECKPOINT = SSOSAML2_RECEIVEDASSERTION_RSP]]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Not enforcing ForceAuthnTimeouts.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=<Response Destination="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver" ID="_252e5f770755be23d3a6741c951a092522f6" InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://fssacc.ericsson.com</ns1:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</Status>
<ns2:Assertion ID="_22e1f8c94c310c95d7a5da42ecfc9bbe067e" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
<ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://fssacc.ericsson.com</ns2:Issuer>
<ns2:Subject>
<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">EADDGHK</ns2:NameID>
<ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns2:SubjectConfirmationData InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" NotOnOrAfter="2019-04-19T03:58:11Z" Recipient="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"/>
</ns2:SubjectConfirmation>
</ns2:Subject>
<ns2:Conditions NotBefore="2019-04-19T03:56:11Z" NotOnOrAfter="2019-04-19T03:58:11Z">
<ns2:AudienceRestriction>
<ns2:Audience>RSSO_IT_ACC_IDP</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
<ns2:AuthnStatement AuthnInstant="2019-04-19T03:56:41Z" SessionIndex="Y3XAeDqGJwow6D7qeBDVz4rYwSo=lWfR9Q==" SessionNotOnOrAfter="2019-04-19T03:58:11Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
<ns2:AttributeStatement>
<ns2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>pankaj.o.sharma@ericsson.com</ns2:AttributeValue>
</ns2:Attribute>
</ns2:AttributeStatement>
</ns2:Assertion>
</Response>
.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][getACSURLFromSSORequestContext][Using the Assertion Consumer Service URL provided: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][AssertionConsumerURL: https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][SAML2 Single Sign-On Service sending SAML Response: <Response Destination="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver" ID="_252e5f770755be23d3a6741c951a092522f6" InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
<ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">https://fssacc.ericsson.com</ns1:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</Status>
<ns2:Assertion ID="_22e1f8c94c310c95d7a5da42ecfc9bbe067e" IssueInstant="2019-04-19T03:56:42Z" Version="2.0" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
<ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://fssacc.ericsson.com</ns2:Issuer>
<ns2:Subject>
<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">EADDGHK</ns2:NameID>
<ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns2:SubjectConfirmationData InResponseTo="_96e6ec53-272c-4df5-8b5c-3301110ba3dd" NotOnOrAfter="2019-04-19T03:58:11Z" Recipient="https://itacc-rsso.ss.sw.ericsson.se/rsso/receiver"/>
</ns2:SubjectConfirmation>
</ns2:Subject>
<ns2:Conditions NotBefore="2019-04-19T03:56:11Z" NotOnOrAfter="2019-04-19T03:58:11Z">
<ns2:AudienceRestriction>
<ns2:Audience>RSSO_IT_ACC_IDP</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
<ns2:AuthnStatement AuthnInstant="2019-04-19T03:56:41Z" SessionIndex="Y3XAeDqGJwow6D7qeBDVz4rYwSo=lWfR9Q==" SessionNotOnOrAfter="2019-04-19T03:58:11Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
<ns2:AttributeStatement>
<ns2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>pankaj.o.sharma@ericsson.com</ns2:AttributeValue>
</ns2:Attribute>
</ns2:AttributeStatement>
</ns2:Assertion>
</Response>
.]
[04/19/2019][03:56:43][28478][80784240][17677402-36c99e08-78776f58-a1288925-ce19fc5e-340][SSO.java][sendSAMLResponse][SAML2 Single Sign-On Service sending base64 SAML Response: PFJlc3BvbnNlIERlc3RpbmF0aW9uPSJodHRwczovL2l0YWNjLXJzc28uc3Muc3cuZXJpY3Nzb24u
c2UvcnNzby9yZWNlaXZlciIgSUQ9Il8yNTJlNWY3NzA3NTViZTIzZDNhNjc0MWM5NTFhMDkyNTIy
ZjYiIEluUmVzcG9uc2VUbz0iXzk2ZTZlYzUzLTI3MmMtNGRmNS04YjVjLTMzMDExMTBiYTNkZCIg
SXNzdWVJbnN0YW50PSIyMDE5LTA0LTE5VDAzOjU2OjQyWiIgVmVyc2lvbj0iMi4wIiB4bWxucz0i
dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj4KICAgIDxuczE6SXNzdWVyIEZv
cm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5IiB4
bWxuczpuczE9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHBzOi8v
ZnNzYWNjLmVyaWNzc29uLmNvbTwvbnMxOklzc3Vlcj4KICAgIDxTdGF0dXM+CiAgICAgICAgPFN0
YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2Vz
cyIvPgogICAgPC9TdGF0dXM+CiAgICA8bnMyOkFzc2VydGlvbiBJRD0iXzIyZTFmOGM5NGMzMTBj
OTVkN2E1ZGE0MmVjZmM5YmJlMDY3ZSIgSXNzdWVJbnN0YW50PSIyMDE5LTA0LTE5VDAzOjU2OjQy
WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpuczI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDph
c3NlcnRpb24iPgogICAgICAgIDxuczI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRj
OlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2Zzc2FjYy5lcmljc3Nvbi5j
b208L25zMjpJc3N1ZXI+CiAgICAgICAgPG5zMjpTdWJqZWN0PgogICAgICAgICAgICA8bnMyOk5h
bWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVu
c3BlY2lmaWVkIj5FQURER0hLPC9uczI6TmFtZUlEPgogICAgICAgICAgICA8bnMyOlN1YmplY3RD
b25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVy
Ij4KICAgICAgICAgICAgICAgIDxuczI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25z
ZVRvPSJfOTZlNmVjNTMtMjcyYy00ZGY1LThiNWMtMzMwMTExMGJhM2RkIiBOb3RPbk9yQWZ0ZXI9
IjIwMTktMDQtMTlUMDM6NTg6MTFaIiBSZWNpcGllbnQ9Imh0dHBzOi8vaXRhY2MtcnNzby5zcy5z
dy5lcmljc3Nvbi5zZS9yc3NvL3JlY2VpdmVyIi8+CiAgICAgICAgICAgIDwvbnMyOlN1YmplY3RD
b25maXJtYXRpb24+CiAgICAgICAgPC9uczI6U3ViamVjdD4KICAgICAgICA8bnMyOkNvbmRpdGlv
bnMgTm90QmVmb3JlPSIyMDE5LTA0LTE5VDAzOjU2OjExWiIgTm90T25PckFmdGVyPSIyMDE5LTA0
LTE5VDAzOjU4OjExWiI+CiAgICAgICAgICAgIDxuczI6QXVkaWVuY2VSZXN0cmljdGlvbj4KICAg
ICAgICAgICAgICAgIDxuczI6QXVkaWVuY2U+UlNTT19JVF9BQ0NfSURQPC9uczI6QXVkaWVuY2U+
CiAgICAgICAgICAgIDwvbnMyOkF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICAgICAgPC9uczI6Q29u
ZGl0aW9ucz4KICAgICAgICA8bnMyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxOS0w
NC0xOVQwMzo1Njo0MVoiIFNlc3Npb25JbmRleD0iWTNYQWVEcUdKd293NkQ3cWVCRFZ6NHJZd1Nv
PWxXZlI5UT09IiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE5LTA0LTE5VDAzOjU4OjExWiI+CiAg
ICAgICAgICAgIDxuczI6QXV0aG5Db250ZXh0PgogICAgICAgICAgICAgICAgPG5zMjpBdXRobkNv
bnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNz
d29yZDwvbnMyOkF1dGhuQ29udGV4dENsYXNzUmVmPgogICAgICAgICAgICA8L25zMjpBdXRobkNv
bnRleHQ+CiAgICAgICAgPC9uczI6QXV0aG5TdGF0ZW1lbnQ+CiAgICAgICAgPG5zMjpBdHRyaWJ1
dGVTdGF0ZW1lbnQ+CiAgICAgICAgICAgIDxuczI6QXR0cmlidXRlIE5hbWU9IkVtYWlsIiBOYW1l
Rm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3Bl
Y2lmaWVkIj4KICAgICAgICAgICAgICAgIDxuczI6QXR0cmlidXRlVmFsdWU+cGFua2FqLm8uc2hh
cm1hQGVyaWNzc29uLmNvbTwvbnMyOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgICAgICA8L25zMjpB
dHRyaWJ1dGU+CiAgICAgICAgPC9uczI6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPC9uczI6QXNz
ZXJ0aW9uPgo8L1Jlc3BvbnNlPgo=.]

Same config was working fine in earlier version.

Hi PankajSh0,

Perhaps I'm missing something. I don't recall ever seeing the certificate place in SAML response before. The certs are always pre-shared during metadata exchange when setting up partnership. The SP should already have your certs and you should already have the SP's certs so why do you need to send it again in the SAML response?

regards,

Zen

Hi Zen,

In the SAML response generally there is a tag for Signature and X509 Certificate which is missing in my case.

Yes, the public key of the IDP certificate is shared with SP for making a secure connection which is already done.

But in this case the SAML response being sent is not getting signed by any certificate and hence the SP is not able to process the response.

Regards,

Pankaj Sharma