How to configure Clarity SAML 2.0 solution with ADFS?
Release : 15.9.2, 15.9.3, 16.0.0, 16.0.1, 16.1.0
Component : CLARITY SECURITY INTEGRATION
Configuration issue due to defect DE61113 (fixed in 16.1.1)
Note: Update the sec_req_auth_context lookup value with the following SQL:
UPDATE
ODF_MULTI_VALUED_LOOKUPS
SET
value = 'urn:federation:authentication:windows',
DWH_VALUE = 'urn:federation:authentication:windows'
WHERE
ATTRIBUTE = 'sec_req_auth_context';
Note: If this is not done, the error below appears in the app-ca log:
ERROR 2021-08-19 03:47:45,105 [https-jsse-nio2-8443-exec-7] filter.SAMLFilter (clarity:unknown:x__x-x-x-x-x:saml.filter) Error occurred authenticating with SAMLFilter
java.lang.RuntimeException: Unauthenticated SAML response received: The status code of the Response was not Success, was urn:oasis:names:tc:SAML:2.0:status:Responder
Note: If you have multiple servers in a load-balanced setup, update the http/https Entry URL to match your load balancer URL, but the endpoint should still have /niku/nu protected.
Note: The error below can be seen in the app-ca log:
ERROR 2021-05-25 17:24:22,103 [http-nio-14001-exec-1] filter.SAMLFilter (clarity:admin:-1:none) Error occured while creating session for user null Reason: Unauthenticated SAML response received:Signature validation failed. SAML Response rejected
This is tracked as defect DE61113. The workaround is to update the CERT_VALUE of table CMN_SEC_CERTS with the correct certificate directly in the database. The correct certificate can be found in the IdP metadata file under the tag <KeyDescriptor use="signing">; use that same certificate to update table CMN_SEC_CERTS, as Clarity uses the signing certificate to validate the SAML response.
UPDATE CMN_SEC_CERTS
SET CERT_VALUE = '$CERTIFICATE VALUE FROM METADATA'
WHERE ID = '$CERTIFICATE ID OF TABLE CMN_SEC_CERTS';
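The following helper, added here as an example and not part of the original article or of the Clarity product, pulls the signing certificate (and only the signing one) out of an ADFS federation metadata file, gives its thumbprint for comparison with the ADFS token-signing certificate, and renders the workaround UPDATE. The entity ID, the certificate blobs and the row id are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, trimmed ADFS-style FederationMetadata.xml for this example;
# the X509Certificate values are placeholder base64 blobs, not real certs.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVS
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      U0lHTklORy1DRVJULVBMQUNFSE9MREVS
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def signing_certificates(metadata_xml):
    """Base64 DER of each IdP signing certificate, whitespace removed.
    Only KeyDescriptor elements under IDPSSODescriptor count, so the cert in
    the metadata's own ds:Signature and any SP-role keys are ignored."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means both
            continue  # encryption-only key: wrong one for response validation
        for x509 in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append("".join((x509.text or "").split()))
    return certs

def thumbprint(cert_b64, algo="sha1"):
    """Hex digest of the DER bytes (SHA-1 by default, like the Windows
    certificate thumbprint) to compare with the ADFS token-signing cert."""
    der = base64.b64decode(cert_b64, validate=True)
    return hashlib.new(algo, der).hexdigest().upper()

def cmn_sec_certs_update(cert_b64, cert_id):
    """Render the workaround UPDATE with literals that cannot break the
    statement: the value must decode as base64, the id is restricted."""
    base64.b64decode(cert_b64, validate=True)  # raises on anything else
    if not str(cert_id).replace("_", "").replace("-", "").isalnum():
        raise ValueError("unexpected characters in certificate id")
    return ("UPDATE CMN_SEC_CERTS SET CERT_VALUE = '%s' WHERE ID = '%s';"
            % (cert_b64, cert_id))
```

Compare the thumbprint with the token-signing certificate shown in the ADFS console before running the statement; the encryption certificate is deliberately skipped because Clarity validates the response signature, not decryption.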