Users cannot login using SAML post upgraded environment.

Release : 12.8.07

GTWY: Federation

Based on the logs analysis here are the findings.

FWS Trace logs

05/04/2023][09:39:10][760802][140478081058560][28e178f7-3f5062a3-b3656fa8-5c94f295-f5f5427c-67][AssertionConsumer.java][processSAMLResponse][Redirecting user to target url [CHECKPOINT = SSOSAML2_REDIRECTUSERTARGETURL_REQ]]
[05/04/2023][09:39:10][760802][140478081058560][28e178f7-3f5062a3-b3656fa8-5c94f295-f5f5427c-67][AssertionConsumer.java][handleUserRedirection][Enter: handleUserRedirection]
[05/04/2023][09:39:10][760802][140478081058560][28e178f7-3f5062a3-b3656fa8-5c94f295-f5f5427c-67][AssertionConsumer.java][redirectUser][
redirectMode: 3]
[05/04/2023][09:39:10][760802][140478081058560][28e178f7-3f5062a3-b3656fa8-5c94f295-f5f5427c-67][AssertionConsumer.java][redirectUser][Redirecting the user to https://gestestest.popso.it/TesoWeb/sso/saml using '302 No Data' redirect mode.]
[05/04/2023][09:39:10][760802][140478081058560][28e178f7-3f5062a3-b3656fa8-5c94f295-f5f5427c-67][AssertionConsumer.java][doPost][
   processSAMLResponse TIME: 245ms]

Policy Server trace

[05/04/2023][11:39:11.088][139677227017984][][][][SmAuthorization.cpp:642][CSmAz::IsProtected][][][][/login/webfonts/titilliumweb/titilliumweb-regular.ttf][][Not Protected: No matching rules found for resource.][][][][][][][][][]
[05/04/2023][11:39:11.088][139677227017984][][][][SmAuthorization.cpp:644][CSmAz::IsProtected][][][][][][Leave function CSmAz::IsProtected][][][][][][][][][]
[05/04/2023][11:39:11.088][139677227017984][][][][Sm_Az_Message.cpp:412][CSm_Az_Message::SendReply][][][][][][Enter function CSm_Az_Message::SendReply][][][][][][][][][]
[05/04/2023][11:39:11.088][139677227017984][s2166/r675][][][Sm_Az_Message.cpp:837][CSm_Az_Message::FormatAttribute][ag_gestestest][][][][][Send response attribute 146, data size is 0][][][][][][][][][]
[05/04/2023][11:39:11.088][139677227017984][s2166/r675][][][Sm_Az_Message.cpp:837][CSm_Az_Message::FormatAttribute][ag_gestestest][][][][][Send response attribute 147, data size is 0][][][][][][][][][]
[05/04/2023][11:39:11.088][139677227017984][s2166/r675][][][Sm_Az_Message.cpp:607][CSm_Az_Message::SendReply][ag_gestestest][][][][][** Status: Not Protected. ][][][][][][][][][]

As per the FWS trace logs the redirection is happening fine but from the agent perspective the status of the realm is not protected. 

Resolution Steps

It was identified that security zones mentioned in ACO and localconfig file has mismatch. On correcting the security zones has resolved the reported issue.