Support Article
Pega 7.1.6 SAML response verification issue
SA-2207
Summary
Implementing SSO with SAML Integration, user is able to push the Auth request from PRPC as configured in the SAML AuthService. Verification though the AuthService is configured with Certificate it is not looking up in the keystore configured for Auth service instead trying to look up at different location.
Error Messages
Unable to process the SAML WebSSO request : Unable to process SAML2 Authentication response : Caught Exception while validating SAML2 Authentication response protocol : No message with ID "certpath" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Steps to Reproduce
Configured SAML setup in PRPC to use a trusted certificate to sign requests and also to validate IDP response.
Root Cause
The root cause of this problem is defect/misconfiguration in the PRPC operating environment.
1. Certificate from IDP metadata was not in the keystore used.
2. On re-generating keystore using IDP metadata, same key store and certificate was used for signing the Request by PRPC SP. Change to different keystore.
3. The certificate needs to be protected by a password. Customer changed the entry for certificate to a Private Key entry.
Resolution
This issue is resolved by making the following change to the PRPC operating environment:
Regenerated the keystore by using IDP metadata.
Changed certificate entry to Private key entry protected by password.
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.