We have multiple OneClick hosts, all but one uses SAML.

The locally authenticated OneClick works fine.

All SAML Oneclick webpages are showing a 500 error after entering credentials.

This page isn't working. 500. That's an error.

Spectrum: All Supported Releases

OneClick with SAML

Enable debug for SAML:

• SAML Debug Spectrum 23.3.4 and above
• Linux and Window
• Open Spectrum\tomcat\classes\log4j2.xml
• Update following
• <Logger name="com.aprisma.tomcat" level="debug"></Logger> 
• <Logger name="org.apache.catalina.authenticator" level="debug"></Logger> 
• and Add following
• <Logger name="org.apache.cxf.fediz" level="debug"></Logger>
• Restart not required

And we see this in the tomcat log (stdout.log, catalina.out)

ZvDJ/ESRxDZoFT6SRPJIDPv3ZJpgEA3U87q08NkK37g8zNLyx7t6A28Me0v7MzB666Fhnqbr1BaAWQkOj7CPXN4FqTM40FzQ==</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/></samlp:Status></samlp:Response>.

2024-07-01 07:12:45,702 [https-jsse-nio-8443-exec-4] DEBUG org.apache.cxf.fediz.core.samlsso.SAMLProtocolResponseValidator - SAML Status code of urn:oasis:names:tc:SAML:2.0:status:Responderdoes not equal urn:oasis:names:tc:SAML:2.0:status:Success

2024-07-01 07:12:45,702 [https-jsse-nio-8443-exec-4] DEBUG org.apache.cxf.fediz.core.processor.SAMLProcessorImpl - SAML token security failure

org.apache.wss4j.common.ext.WSSecurityException: SAML token security failure

This is related to a certificate issue on our ADFS server.

https://stackoverflow.com/questions/46476260/what-causes-a-responder-status-in-a-saml-response