Automic Workload Automation

  • 1.  SAML testing error in 12.3.1

    Posted Dec 12, 2019 05:54 AM
    Dear Experts,

    We are trying to configure SAML on our Sandbox system for testing. Upon testing, we are getting the following error in our internal Federation Service.
    We are running AE 12.3.1 with Tomcat as the Web Server.
    We created an entry in UC_SYSTEM_SETTINGS in 0 client with SAML and value as Y. Then opened UC_SAML_SETTINGS and changed the following.

    1. Entity ID
    2. In the location places, we changed the destination URL of the Automic SBX URL (https://hostname/awi/)

    We gave the metadata XML file to our internal IDP team and they provided a new metadata XML. I created an additional key for department and pasted the contents of the XML file in it.

    Upon testing we are getting an error, and checking on the IDP side, we see an error: illegal XML Character: 0X10

    Does anyone have any idea how to fix it?

    Illegal XML Character : 0X10

    Thanks and Regards
    Vimalan


  • 2.  RE: SAML testing error in 12.3.1
    Best Answer

    Posted Apr 13, 2020 03:59 PM
    @Maria Joseph Vimalan,

    We are working with Broadcom Support troubleshooting SAML setup on our TEST system before we can implement this on PROD.

    I believe our internal IDP was initially also throwing that error because the AWI application was doing a POST and not sending the SAMLRequest in the message body, but sending it as part of the URL query parameters. The IDP on POST was expecting the SAMLRequest to be in the message body, so it could not parse the empty message.

    What helped us:

    #1. If your IDP metadata has entries for both HTTP-Redirect and HTTP-POST, then remove the HTTP-Redirect entry from the metadata for the KEY in UC_SAML_SETTINGS

    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://xxxxxxxxxxx/saml2/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://xxxxxxxxxx/saml2/sso"/> (remove this line)

    This should force the AWI to place the SAMLRequest into the message body when POSTing to the IDP.

    #2. Also, on the IDP side, ensure that the complete SAMLResponse message is signed.


    With that said, we are still troubleshooting a few things with Broadcom and SAML configurations, but at least that "Illegal XML Character" error is gone.

    It looks like you had started this SAML setup process earlier than us.

    Were you completely successful in SAML configuration for your environment?

    Thanks,

    Vlad
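
The metadata edit from step #1 above, as an added Python example (not part of the original post and not Broadcom's code). It removes HTTP-Redirect `SingleSignOnService` entries only where an HTTP-POST entry remains, and reports whether the metadata carries an XML signature, which any edit invalidates for a consumer that validates it. The sample metadata and the `idp.example.test` hostname are constructed.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD_NS)  # keep the md: prefix when serializing

# Constructed sample IdP metadata; the hostname is a placeholder.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/saml2">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/saml2/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sso_bindings(metadata_xml):
    """Return the Binding URI of every SingleSignOnService, in document order."""
    root = ET.fromstring(metadata_xml)
    return [e.get("Binding") for e in root.iter(f"{{{MD_NS}}}SingleSignOnService")]


def drop_redirect_sso(metadata_xml):
    """Remove HTTP-Redirect SSO endpoints; return (xml, removed, was_signed)."""
    root = ET.fromstring(metadata_xml)
    # An enveloped ds:Signature covers the whole descriptor, so editing the
    # XML breaks it; surface that instead of hiding it.
    was_signed = root.find(f".//{{{DS_NS}}}Signature") is not None
    removed = 0
    for desc in list(root.iter(f"{{{MD_NS}}}IDPSSODescriptor")):
        services = desc.findall(f"{{{MD_NS}}}SingleSignOnService")
        if not any(s.get("Binding") == POST for s in services):
            continue  # never strip the only usable SSO endpoint
        for svc in services:
            if svc.get("Binding") == REDIRECT:
                desc.remove(svc)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed, was_signed


if __name__ == "__main__":
    cleaned, removed, was_signed = drop_redirect_sso(SAMPLE)
    print(f"removed={removed} signed={was_signed} bindings={sso_bindings(cleaned)}")
```
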


  • 3.  RE: SAML testing error in 12.3.1

    Posted Apr 13, 2020 05:05 PM
    Edited by Kenneth Hutchins Apr 13, 2020 05:04 PM
    I would also be interested in knowing if this SAML setup was successful.

    ------------------------------
    DevOps Engineer
    ULLICO
    ------------------------------



  • 4.  RE: SAML testing error in 12.3.1

    Posted Jul 27, 2020 11:51 AM
    Hi Vlad,

    Your hint helped us to solve the issue. 

    After we removed the HTTP-redirect, the connection is working as expected. 

    Thank you so much

    Regards
    Vimalan