Assertion does not contain unique subject provider identifier
User has a SAML configuration with IDP initiated calls.
However the user is getting exception and has encryption enabled. Error occurs on configuing SAML with identity provider (IdP) initiated calls and enabling encryption.
Unable to process the SAML WebSSO request :
Unable to process SAML2 Authentication response : Caught
Exception while validating SAML2 Authentication response for SSO profile :
Assertion does not contain unique subject provider identifier https:/<host>:<port>/prweb/sp/1234567890 in the audience restriction conditions.
Note: Prior to this error user was getting "The Response did not contain any Authentication Statement that matched the Subject Confirmation criteria" which was resolved through the HFix-35622.
Steps to Reproduce
- Click a link from the application. A request is sent to the middle layer which makes a request to SAML token provider (STS). The Token provider (STS) validates the request and issues a token for the operator. The Token is encrypted with Pega application public key & base64 encoded. The middle layer posts the SAML token received to Pega SSO Servlet URL (https://hostname:portnumber/prweb/sso) through HTTP POST.
- Use the application to decode and decrypt the SAML response and launch the User portal based on their level of access.
A defect or configuration issue in the operating environment.
The IDP response was missing the AudienceRestriction and Audience elements in the Conditions element.
Perform the following local-change in the Conditions elements:
Update the IDP configurations to include AudienceRestriction and Audience elements as below.
Modify the below sample Conditions element in the response.
<saml:Conditions NotBefore="2017-09-20T13:58:19Z" NotOnOrAfter="2017-09- 20T14:00:49Z"/>
<saml:Conditions NotBefore="2017-09-20T13:58:19Z" NotOnOrAfter="2017-09-20T14:00:49Z"/>
Published March 22, 2018 - Updated October 8, 2020
Was this useful?
0% found this useful
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.