CASB Generic SSO SAML Troubleshooting Error: HTTP 405
search cancel

CASB Generic SSO SAML Troubleshooting Error: HTTP 405


Article ID: 171152


Updated On:


CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Advanced Threat Protection CASB Gateway Advanced CASB Security Advanced IAAS CASB Security Premium IAAS CASB Securlet IAAS CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS


SAML errors can be generic and can require splunk to access our backend logs.

Error: HTTP 405
Error: SAML Assertion Failure


Find the SAML DebugID by going to another tab when attempting the SAMLogin.

Search splunk by the debugID example: eddf456f-0951-559b-c534-8731e01d1c9

func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=957:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=715:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=623:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed: Error: failed to decrypt file

Error: 450:key is not found
Error: failed to decrypt.
The error above would suggest that the SAML response is not encryted with our certificate. Elastica needs to decrypt it with our private key.

Elastica meta-data contains the certificate and needs to be imported and selected within the IDP.

Error: Exception thrown while processing SAML response.
IDP is expecting signed auth request and CloudSOC is not configured with "Signed Request" flag= TRUE.

In CloudSOC Settings |  SSO | Advanced Settings check the box for signed request.