After configuring UMP to use SAML authentication, attempting to log in to the system with a SAML account displays the error 'Unable to process SAML request'.
This issue can be caused by a missing escape character (\) before colon characters in a UMP configuration file.
The following error is logged in portal.log:
org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.xml.security.SecurityException: java.security.UnrecoverableKeyException: requested entry requires a password
To resolve this problem, deactivate the wasp probe and edit the portal-ext.properties file.
If any configuration setting in this file contains a colon, it must always be escaped with a backslash: the file is a Java properties file, and an unescaped colon is read as a key/value separator, so the key is truncated at that point.
In this example (the rule is not restricted to the sample parameters) change the settings:
FROM
saml.keystore.credential.password[http://url.domain.com/sp]=my:password
saml.entity.id=http://url.domain.com/sp
saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust
TO
saml.keystore.credential.password[http\://url.domain.com/sp]=my\:password
saml.entity.id=http\://url.domain.com/sp
saml.sp.default.idp.entity.id=http\://SERVER.domain.com/adfs/services/trust
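The following Python script is an added example, not part of the UMP product or this article: it emulates the key/value splitting rules of java.util.Properties to show how the unescaped lines above are truncated, and includes a small check that flags any line of portal-ext.properties still containing an unescaped colon. The sample property text is constructed from the settings shown above.

```python
# Emulates java.util.Properties line parsing to show why an unescaped ':'
# truncates a key. Added example; not UMP or Liferay code.

def parse_property_line(line: str) -> tuple[str, str]:
    """Split one line into (key, value) the way java.util.Properties does:
    the key ends at the first unescaped '=', ':' or whitespace, and a
    backslash makes the following character literal in key and value."""
    key, i = [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            key.append(line[i + 1])          # escaped char is literal
            i += 2
            continue
        if ch in "=: \t":
            break                            # unescaped separator ends the key
        key.append(ch)
        i += 1
    while i < len(line) and line[i] in " \t":
        i += 1
    if i < len(line) and line[i] in "=:":    # consume one separator
        i += 1
    while i < len(line) and line[i] in " \t":
        i += 1
    value = []
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            value.append(line[i + 1])
            i += 2
            continue
        value.append(ch)
        i += 1
    return "".join(key), "".join(value)

def unescaped_colon_lines(text: str) -> list[int]:
    """1-based numbers of non-comment lines containing a ':' that is not
    preceded by a backslash; these are the lines the article says to fix."""
    bad = []
    for n, raw in enumerate(text.splitlines(), 1):
        s = raw.strip()
        if not s or s[0] in "#!":
            continue
        escaped = False
        for ch in s:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == ":":
                bad.append(n)
                break
    return bad
```

Running parse_property_line on the unescaped password line yields the key `saml.keystore.credential.password[http`, which is why the keystore password is never found and the UnrecoverableKeyException follows.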