search cancel

CASB Generic SSO SAML Troubleshooting Error: HTTP 405

book

Article ID: 171152

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced

Issue/Introduction

SAML errors can be generic and can require splunk to access our backend logs.
 

Error: HTTP 405
Error: SAML Assertion Failure

Resolution

Find the SAML DebugID by going to another tab when attempting the SAMLogin.
https://app.elastica.net/static/ng/appLogin/index.html#/debug

Search splunk by the debugID example: eddf456f-0951-559b-c534-8731e01d1c9

func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=957:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=715:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=623:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed: Error: failed to decrypt file


Error: 450:key is not found
Error: failed to decrypt.
The error above would suggest that the SAML response is not encryted with our certificate. Elastica needs to decrypt it with our private key.

Elastica meta-data contains the certificate and needs to be imported and selected within the IDP.

Error: Exception thrown while processing SAML response.
IDP is expecting signed auth request and CloudSOC is not configured with "Signed Request" flag= TRUE.

In CloudSOC Settings |  SSO | Advanced Settings check the box for signed request.

 

Attachments