SAML integration fails with U00045014 Failed to decrypt EncryptedData


Article ID: 276735


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

The SAML integration fails with "Error decrypting encrypted key" when the SAML Response is encrypted. The log shows:

20230829/114021.393 - 66     U00045325 SAML-Token als '<samlp:Response>' erhalten
20230829/114021.433 - 66               Error decrypting encrypted key
20230829/114021.434 - 66               Failed to decrypt EncryptedKey, valid decryption key could not be resolved
20230829/114021.435 - 66               Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
20230829/114021.436 - 66               SAML Decrypter encountered an error decrypting element content
20230829/114021.437 - 66     U00045014 Ausnahme 'org.opensaml.xmlsec.encryption.support.DecryptionException: "Failed to decrypt EncryptedData"' in 'org.opensaml.xmlsec.encryption.support.Decrypter.decryptDataToDOM():548'.

 

Environment

Version: All

Component: Automic Automation

Context: SAML integration

Cause

The feature WantSAMLResponseSigned=true is not supported in Automic.

Resolution

Please ask your IdP provider to disable the feature WantSAMLResponseSigned=true in SAML.

Additional Information

Support for encrypted SAML assertions was never in scope and was not implemented.
Because all Identity Providers use HTTPS (encryption) to transfer the SAML login data, this is considered to provide enough security.
If you need this feature, please open a feature request via the Ideas section in the communities.