SP-initiated SSO does not work with encrypted attributes
A PRRuntimeException occurs when reading the encrypted SAML response from the Identity Manager (IDP) while using SP-initiated single sign-on (SSO).
Caught Exception while processing SAML2 Authentication response
com.pega.pegarules.pub.PRRuntimeException: Caught Exception while validating SAML2 Authentication response protocol : Must contain one or more attributes
Steps to Reproduce
- Log in through SSO.
- Read the SAML response.
When encrypted attributes were sent in a SAML response, the application failed to decrypt them. Validation failed because the signature element was not found, which in turn caused the schema validation to fail. Hence, a custom PegaSAMLValidator was provided to validate the assertion.
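The failure mode described above can be illustrated with a small structural validator. The following is an added Python example, not Pega's code and not the internals of PegaSAMLValidator (which this article does not show). The element and namespace names come from the SAML 2.0, XML Signature and XML Encryption specifications; the sample assertions, their placeholder signature and cipher values, and the function names are constructed for this illustration. It contrasts a check that counts only plaintext saml:Attribute elements, which rejects an assertion whose attributes are all encrypted with "Must contain one or more attributes", against one that also recognises saml:EncryptedAttribute children and reports a missing signature element separately.

```python
import xml.etree.ElementTree as ET

# Namespaces from the SAML 2.0, XML Signature and XML Encryption specifications.
NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample assertions (not captured traffic). Signature and cipher
# values are placeholders, since only the element structure matters here.
_HEADER = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
           'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
           'ID="_constructed-1" Version="2.0">'
           '<saml:Issuer>https://idp.example.test/</saml:Issuer>')
_SIGNATURE = ('<ds:Signature><ds:SignedInfo/>'
              '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
_SUBJECT = '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>'
_PLAIN_ATTRS = ('<saml:AttributeStatement><saml:Attribute Name="mail">'
                '<saml:AttributeValue>user@example.test</saml:AttributeValue>'
                '</saml:Attribute></saml:AttributeStatement>')
_ENC_ATTRS = ('<saml:AttributeStatement><saml:EncryptedAttribute>'
              '<xenc:EncryptedData><xenc:CipherData>'
              '<xenc:CipherValue>PLACEHOLDER</xenc:CipherValue>'
              '</xenc:CipherData></xenc:EncryptedData>'
              '</saml:EncryptedAttribute></saml:AttributeStatement>')
_FOOTER = '</saml:Assertion>'

PLAINTEXT_ASSERTION = _HEADER + _SIGNATURE + _SUBJECT + _PLAIN_ATTRS + _FOOTER
ENCRYPTED_ASSERTION = _HEADER + _SIGNATURE + _SUBJECT + _ENC_ATTRS + _FOOTER
UNSIGNED_ASSERTION = _HEADER + _SUBJECT + _ENC_ATTRS + _FOOTER


def naive_has_attributes(assertion_xml):
    """Counts only plaintext <saml:Attribute> elements. A check of this shape
    rejects an assertion whose attributes are all encrypted, even though the
    assertion is well formed."""
    root = ET.fromstring(assertion_xml)
    return len(root.findall("saml:AttributeStatement/saml:Attribute", NS)) > 0


def has_attributes(assertion_xml):
    """Counts plaintext and encrypted attributes, so an assertion carrying only
    <saml:EncryptedAttribute> children is recognised as having attributes."""
    root = ET.fromstring(assertion_xml)
    plain = root.findall("saml:AttributeStatement/saml:Attribute", NS)
    enc = root.findall("saml:AttributeStatement/saml:EncryptedAttribute", NS)
    return len(plain) + len(enc) > 0


def validate_assertion(assertion_xml):
    """Structural checks in the order a validator would apply them. Returns a
    list of problems; an empty list means the structure is acceptable.

    Only the presence of the signature element is checked here. A real
    validator must still verify the XML signature cryptographically and decrypt
    the attributes before trusting any of their values."""
    problems = []
    root = ET.fromstring(assertion_xml)
    if root.find("ds:Signature", NS) is None:
        problems.append("signature element not found")
    if not has_attributes(assertion_xml):
        problems.append("Must contain one or more attributes")
    return problems


if __name__ == "__main__":
    for name, xml in [("plaintext", PLAINTEXT_ASSERTION),
                      ("encrypted", ENCRYPTED_ASSERTION),
                      ("unsigned", UNSIGNED_ASSERTION)]:
        print(name, "naive check:", naive_has_attributes(xml),
              "structural validation:", validate_assertion(xml) or "ok")
```

Running the block shows the naive check failing on the constructed encrypted assertion while the structural validator accepts it, and the unsigned variant being reported for the missing signature element rather than for missing attributes. In a deployment the two remaining steps, signature verification against the IdP's certificate and decryption of the EncryptedAttribute payloads with the SP's private key, are what actually establish trust in the attribute values.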