
This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Getting KeyInfo is missing in signature error with SAML SSO

SA-5368

Summary



When the SAML SSO assertion response is received, step 12 of the activity pySAMLWebSSOAuthenticationActivity fails with an error indicating that KeyInfo is missing from the Signature.

Error Messages



Caught Exception while validating SAML2 Authentication response protocol : KeyInfo is missing in signature.

2015-01-06 16:53:05,042 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] (AMLv2ResponseProtocolValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample. com - Starting SAML v2 Response Protocol validation _0x5351498e7136dfde7b6f98be8b3f584b
2015-01-06 16:53:05,043 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] ( sso.saml.SAMLValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample. com - Performing Schema validation for Response with ID _0x5351498e7136dfde7b6f98be8b3f584b and version : 2.0
2015-01-06 16:53:05,043 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] ( sso.saml.SAMLValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample. com - Schema validation is successful
2015-01-06 16:53:05,044 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] ( sso.saml.SAMLValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample. com - Specification validation is successful
2015-01-06 16:53:05,044 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] (AMLv2ResponseProtocolValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample.com - Getting the Keystore instance for : PEGA_SAML_AUTHSERVICEIDPCertStore
2015-01-06 16:53:05,046 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] (AMLv2ResponseProtocolValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample.com - Extracted keystore : truststore : PEGA_SAML_AUTHSERVICEIDPCertStore
2015-01-06 16:53:05,046 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] (AMLv2ResponseProtocolValidator) DEBUG twri1vsgaa005.sample.com|wsp644917wss.sample.com - Validated with SAMLSignatureProfileValidator
2015-01-06 16:53:05,047 [fault (self-tuning)'] [ STANDARD] [ ] [egaRULESSample:07.10] ( internal.util.PRSAMLv2Utils) ERROR twri1vsgaa005.sample.com|wsp644917wss.sample.com - Caught Exception while processing SAML2 Authentication response
com.pega.pegarules.pub.PRRuntimeException: Caught Exception while validating SAML2 Authentication response protocol : KeyInfo is missing in signature


Steps to Reproduce



1. Log in to the application.
2. Click the Pega portal link (displayed in an iFrame of the containing application).
3. The SSO authentication process kicks in and an authentication request is sent to the Identity Provider (IdP).
4. When Pega receives the assertion response, step 12 of the activity pySAMLWebSSOAuthenticationActivity fails with the error message "KeyInfo is missing in signature".

Root Cause



When the Signature element of the SAML response carries no KeyInfo, there was no fall-back handling for locating the verification key, so validation failed for every response that omitted KeyInfo.

Resolution



Provided HFix-20548, which adds support for checking the signature against the IdP certificate held in the PRPC truststore (the certificate from the IdP metadata having been imported there), so that a response without KeyInfo can still be verified.
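The fall-back described above, shown as an added illustration in plain JAXP XML-DSig terms; this is not Pega's code and not the contents of HFix-20548. A KeySelector takes the IdP certificate from the truststore when the Signature carries no KeyInfo, and only tolerates an embedded KeyInfo certificate if it matches that trusted certificate. The truststore alias, the class name and the validate entry point are assumptions.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import org.w3c.dom.*;

public class SamlSignatureCheck {
    // Resolves the verification key from the truststore; KeyInfo in the response is optional.
    static final class TruststoreKeySelector extends KeySelector {
        private final X509Certificate idpCert;

        TruststoreKeySelector(KeyStore truststore, String alias) throws KeyStoreException {
            idpCert = (X509Certificate) truststore.getCertificate(alias); // alias is an assumption
            if (idpCert == null) throw new KeyStoreException("no IdP certificate under alias " + alias);
        }

        @Override
        public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
                                        XMLCryptoContext context) throws KeySelectorException {
            if (keyInfo != null) {
                for (Object item : keyInfo.getContent()) {
                    if (!(item instanceof X509Data)) continue;
                    for (Object entry : ((X509Data) item).getContent()) {
                        // An embedded certificate is only a hint: it must equal the trusted one.
                        if (entry instanceof X509Certificate && !idpCert.equals(entry))
                            throw new KeySelectorException("KeyInfo certificate is not the trusted IdP certificate");
                    }
                }
            }
            PublicKey key = idpCert.getPublicKey(); // used when KeyInfo is missing (and in the normal case)
            return () -> key;
        }
    }

    // Returns true only if the first ds:Signature in the response verifies with the trusted IdP key.
    static boolean validate(Document response, KeyStore truststore, String alias) throws Exception {
        // SAML signatures reference elements by their ID attribute; DOM must be told it is an ID.
        for (String tag : new String[] {"Response", "Assertion"}) {
            NodeList nodes = response.getElementsByTagNameNS("*", tag);
            for (int i = 0; i < nodes.getLength(); i++) ((Element) nodes.item(i)).setIdAttribute("ID", true);
        }
        NodeList sigs = response.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) throw new IllegalArgumentException("response carries no Signature");
        DOMValidateContext ctx = new DOMValidateContext(new TruststoreKeySelector(truststore, alias), sigs.item(0));
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```

In a production validator, also confirm that the verified Signature's Reference URI points at the Response or Assertion element actually being consumed, rather than accepting any signature found in the document.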

 

Published January 31, 2016 - Updated October 8, 2020
