Support Article
SP-initiated SSO does not work with encrypted attributes
SA-44513
Summary
A PRRuntimeException occurs when the application reads an encrypted SAML response from the identity provider (IdP) during SP-initiated single sign-on (SSO).
Error Messages
Caught Exception while processing SAML2 Authentication response
com.pega.pegarules.pub.PRRuntimeException: Caught Exception while validating SAML2 Authentication response protocol : Must contain one or more attributes
Steps to Reproduce
- Log in through SSO.
- Read the SAML response.
Root Cause
When encrypted attributes were sent in a SAML response, the application failed to decrypt them. Validation then failed because the signature element was not found, which in turn caused the schema validation to fail. A custom PegaSAMLValidator was therefore provided to validate the assertion.
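As an added illustration (not Pega code), the following check distinguishes plaintext saml2:Attribute children of an AttributeStatement from saml2:EncryptedAttribute children: a validator that counts only plaintext attributes reports "Must contain one or more attributes" on an encrypted-only statement, whereas a decryption-aware validator recognises that the attributes are present and must be decrypted first. The sample assertion and its ciphertext placeholder are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample: the assertion carries a single, encrypted attribute.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_constructed" Version="2.0">
  <saml2:Subject><saml2:NameID>alice@example.test</saml2:NameID></saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:EncryptedAttribute>
      <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
        <xenc:CipherData><xenc:CipherValue>PLACEHOLDER-CIPHERTEXT</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
    </saml2:EncryptedAttribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def count_attributes(assertion_xml: str) -> dict:
    """Count plaintext and encrypted attributes in the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml2:AttributeStatement", NS)
    if stmt is None:
        return {"plain": 0, "encrypted": 0}
    return {
        "plain": len(stmt.findall("saml2:Attribute", NS)),
        "encrypted": len(stmt.findall("saml2:EncryptedAttribute", NS)),
    }


def naive_check(assertion_xml: str) -> str:
    """Looks only at plaintext attributes, so encrypted-only statements fail."""
    if count_attributes(assertion_xml)["plain"] == 0:
        return "Must contain one or more attributes"
    return "ok"


def decryption_aware_check(assertion_xml: str) -> str:
    """Accepts encrypted attributes and signals that decryption must run first."""
    counts = count_attributes(assertion_xml)
    if counts["plain"] + counts["encrypted"] == 0:
        return "Must contain one or more attributes"
    if counts["encrypted"]:
        return "ok: decrypt EncryptedAttribute elements before validating"
    return "ok"
```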
Resolution
Apply HFix-35622.
Published December 14, 2017 - Updated October 8, 2020