After configuring UMP to use SAML authentication, while trying to login to the system with a SAML account the error  'Unable to process SAML request' is displayed.

This issue can be cause by the lack of escape character (\) before colon characters in a UMP configuration file.

The following error is logged in portal.log:

org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.xml.security.SecurityException: java.security.UnrecoverableKeyException: requested entry requires a password

To resolve this problem you should deactivate the wasp probe and edit the portal-ext.properties file.

If any configuration setting in this file contains a colon they should always be escaped with a backslash.

In this example (not restricted to the sample parameters) you should change the setting:

FROM

saml.keystore.credential.password[http://url.domain.com/sp]=my:password

saml.entity.id=http://url.domain.com/sp 

saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust 

TO

saml.keystore.credential.password[http\://url.domain.com/sp]=my\:password

saml.entity.id=http\://url.domain.com/sp 

saml.sp.default.idp.entity.id=http\://SERVER.domain.com/adfs/services/trust