SAML2 not working after upgrade to 20.2

Article ID: 206191

Products

CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

After upgrading to 20.2.5 in a test environment, I cannot get SAML2 authentication working (it was working prior to the upgrade). The user assertion is posted and the browser receives a 302 redirect to the login page with the error "Error Authenticating: SAML Authentication Failed". In the sso logs, I see "Response is incorrectly signed" and similar messages. The sso/configuration/saml.properties, the metadata referenced in it, and the keystore referenced in it seem to be correct. SsoConfig shows SAML2 authentication is enabled and has the same configuration as before the upgrade. I will attach a RemoteEngineer diagnostic.

Cause

SSO is reporting that the signature in the IDP metadata XML it uses (the metadata file referenced in saml.properties) does not match the signature that the user assertion was signed with.

Environment

Release : 20.2

Component : IM Reporting / Admin / Configuration

Resolution

Check whether the metadata file referenced in saml.properties contains the signature that the IDP is currently using. The IDP may have changed it without anyone exporting a new metadata XML from the IDP, copying it to PC, and restarting the SSO service.
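
One way to run this check offline is to compare the signing certificate listed in the metadata file with the certificate embedded in the posted response. The following is an added example, not Broadcom code. It assumes the response uses the HTTP-POST binding (a base64 `SAMLResponse` form value) and embeds its certificate in `ds:KeyInfo`; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
from xml.etree import ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_cert):
    """SHA-256 over the DER bytes of an X509Certificate element's text."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_fps(metadata_xml):
    """Signing-certificate fingerprints listed in the IdP metadata file."""
    fps = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":   # no 'use' attribute covers signing too
            fps |= {fingerprint(c.text or "") for c in kd.iterfind(".//ds:X509Certificate", NS)}
    return fps

def response_signing_fps(saml_response_b64):
    """Fingerprints of certificates embedded in the posted response's ds:Signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return {fingerprint(c.text or "")
            for c in root.iterfind(".//ds:Signature//ds:X509Certificate", NS)}

def diagnose(metadata_xml, saml_response_b64):
    trusted = metadata_signing_fps(metadata_xml)
    presented = response_signing_fps(saml_response_b64)
    if not presented:
        return "no-embedded-cert"    # response carries no KeyInfo certificate to compare
    return "match" if presented <= trusted else "stale-metadata"

# --- Constructed sample data: placeholder bytes stand in for real DER certificates ---
def _keyinfo(raw):
    return ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo>" % base64.b64encode(raw).decode())

def sample_metadata(raw):
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example">'
            '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">%s</md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>' % (NS["md"], NS["ds"], _keyinfo(raw)))

def sample_response(raw):
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="%s">'
           '<ds:Signature>%s</ds:Signature></samlp:Response>' % (NS["ds"], _keyinfo(raw)))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":   # metadata still holds the old cert, IdP signs with the new one
    print(diagnose(sample_metadata(b"constructed-old"), sample_response(b"constructed-new")))
```

A `stale-metadata` result points to the situation described above: the IDP is signing with a certificate the metadata file does not list. The embedded certificate is used only for this comparison; a `match` does not verify the signature, and trust must still come from the metadata file.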