Support Article
SAML 2.0 ACS request leads to error
SA-62732
Summary
While using SURFconext as Identity Provider (IdP) for SAML authentication, the application receives the SAML response and results in HTTP 500 error.
The binding is REDIRECT for both login and for SingleLogout (SLO).
Error Messages
HTTP 500
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.populatePOSTBodyParams(SAMLv2ACSHandler.java:459) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.executePostBindingFlow(SAMLv2ACSHandler.java:368) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.processSAMLResponse(SAMLv2ACSHandler.java:71) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.processSSOResponse(PRSAMLv2Utils.java:148) ~[printegrint.jar:?]
Steps to Reproduce
Log in to SAML 2.0 in Pega 7.4.
Root Cause
A defect in Pegasystems’ code or rules.
Two responses are received from SAML, SAML Response and RelayState.
SAMLResponse=PHNhbWx......scDpSZXNwb25zZT4%3D
return=
RelayState=c900e640-4975-4f02-be03-d212c768b6f0
In this scenario, the return value is null. Hence, the ArrayIndexOutOfBoundsException occurs.
Resolution
Apply HFix-46276.
Published October 2, 2018 - Updated December 2, 2021
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.