Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SSO fails with exception while validating SAML response

SA-15482

Summary



Using SSO and SAML 2.0 with PING identity, and trying to log in through SSO, it fails with an exception in logs.


Error Messages



com.pega.pegarules.pub.PRRuntimeException: Caught Exception while validating SAML2 Authentication response protocol : For input string: ""
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ResponseProtocolValidator.validate(SAMLv2ResponseProtocolValidator.java:186)
at com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.validateResponse(PRSAMLv2Utils.java:526)
at com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.processAuthenticationResponse(PRSAMLv2Utils.java:495)


Steps to Reproduce



Log in with SSO using SAML 2.0 with PING identity.


Root Cause



A third-party product issue: Weblogic 12.1.3 xml processing JARs are incompatible with opensaml 2.6.1.

Resolution



Perform the following local-change: 

Use the custom xml-apis-1.0.b2.jar, xercesImpl-2.9.1.jar (downloaded from the associated open source project) that are compatible with opensaml 2.6.1.

1. Add the following segments to the weblogic-application.xml (normally under
archives\prpc\weblogic\ear\app\META-INF in the Pega official media).
 

    <xml>
        <parser-factory>
            <saxparser-factory>
                org.apache.xerces.jaxp.SAXParserFactoryImpl
            </saxparser-factory>
            <document-builder-factory>
                org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
            </document-builder-factory>
            <transformer-factory>
                org.apache.xalan.processor.TransformerFactoryImpl
            </transformer-factory>
        </parser-factory>
    </xml>
    <prefer-application-packages>
        <package-name>org.opensaml.*</package-name>
        <package-name>org.apache.xerces.*</package-name>
        <package-name>org.apache.xalan.*</package-name>
    </prefer-application-packages>
2. Redeploy the Pega EAR as instructed by the official installation guide.
3. Restart the server instance.

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us