UMP configured with SAML against ADFS 2 fails with error 'Unable to process SAML request'

Article Id: 7363
Status: Published
Updated On: 14-02-2018 08:14
Legacy Id: TEC1436983
Products:
CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) , NIMSOFT PROBES
Issue/Introduction:

After configuring UMP to use SAML authentication, while trying to login to the system with a SAML account the error  'Unable to process SAML request' is displayed.

 

Cause:

This issue can be cause by the lack of escape character (\) before colon characters in a UMP configuration file.

The following error is logged in portal.log:

org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.xml.security.SecurityException: java.security.UnrecoverableKeyException: requested entry requires a password

Environment:

UIM 8.51

Resolution:

To resolve this problem you should deactivate the wasp probe and edit the portal-ext.properties file.

If any configuration setting in this file contains a colon they should always be escaped with a backslash.

 

In this example (not restricted to the sample parameters) you should change the setting:

 

FROM

saml.keystore.credential.password[http://url.domain.com/sp]=my:password

saml.entity.id=http://url.domain.com/sp 

saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust 

 

TO

saml.keystore.credential.password[http\://url.domain.com/sp]=my\:password

saml.entity.id=http\://url.domain.com/sp 

saml.sp.default.idp.entity.id=http\://SERVER.domain.com/adfs/services/trust