This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SSO SAML2.0 not working

SA-37089

Summary



SAML SSO 2.0 is not working with Pega 7.2.2.


Error Messages



On the user interface: Unable to process the SAML WebSSO request : 1

In the logs:


Running step 14_circum0
2017-04-12 10:20:09,000 [ httpexec-69] [ STANDARD] [ ] [ SAG:01.01.01] (Admin_Security_SSO_SAML.Action) DEBUG |Rest|WebSSO|SAML|AssertionConsumerService|A75A2B6D6C87C9664F56C20F5C9C5DA4F - Running step 15_circum0
2017-04-12 10:20:09,000 [ httpexec-69] [ STANDARD] [ ] [ SAG:01.01.01] (Admin_Security_SSO_SAML.Action) ERROR |Rest|WebSSO|SAML|AssertionConsumerService|A75A2B6D6C87C9664F56C20F5C9C5DA4F - Error while executing the Assertion Consumer Service activity : 1



Second error after fixing the first one:

Caught Exception while processing SAML2 Authentication response
com.pega.pegarules.pub.PRRuntimeException: No attribute statements found in the SAML Response,Unable to deduce an operator record for further processing
at com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.processAuthenticationResponse(PRSAMLv2Utils.java:552)
at com.pegarules.generated.activity.ra_action_pysamlwebssoauthenticationactivity_c47b18e15be5f092cee6529c38ebf1e0.step19_circum0(ra_action_pysamlwebssoauthenticationactivity_c47b18e15be5f092cee6529c38ebf1e0.java:1732)
at com.pegarules.generated.activity.ra_action_pysamlwebssoauthenticationactivity_c47b18e15be5f092cee6529c38ebf1e0.perform(ra_action_pysamlwebssoauthenticationactivity_c47b18e15be5f092cee6529c38ebf1e0.java:425)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3553)


Steps to Reproduce



1. Configure SAMLAUTH.
2. Try to log in with <your server address>/prweb/sso.
3. Provide proper credentials.


Root Cause



The user was using http instead of https in the ACS URL, which they were invoking as a POST.

Once that was corrected, the first error was resolved, but on submitting credentials from the SSO URL the Assertion service was called repeatedly in an infinite loop.

The pySAMLWebSSOAuthenticationActivity activity was then modified so that pxReqContextURI on the pxRequestor page was hardcoded to the https URL in use.

After this, the looping issue was resolved, but the second error shown above was encountered.

The logs showed that no attribute mapping had been done, which caused this error.

Resolution




After getting the attribute from the IdP server and mapping it in the SAML authentication service, the issue is resolved and SSO works as expected.
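
The two conditions behind these errors (an http ACS URL and a response with no attribute statements) can be checked on a captured SAMLResponse before touching the Pega configuration. The following is an added example, not Pega code or part of the original article. The function names, the example.test URLs and the "uid" attribute are constructed, and it assumes the scheme problem is visible in the response's Destination attribute.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def diagnose_saml_response(b64_response, expected_acs_url):
    """Inspect a base64 SAMLResponse taken from an HTTP-POST form field.

    Diagnostic only: no signature, audience or time-condition validation is
    done, and encrypted assertions are not decrypted.
    Returns (findings, attribute_names).
    """
    findings = []
    root = ET.fromstring(base64.b64decode(b64_response))
    destination = root.get("Destination", "")
    if urlsplit(destination).scheme != "https":
        findings.append("Destination is not https: %r" % destination)
    if destination != expected_acs_url:
        findings.append("Destination %r differs from configured ACS URL %r"
                        % (destination, expected_acs_url))
    path = "saml:Assertion/saml:AttributeStatement/saml:Attribute"
    names = [a.get("Name") for a in root.findall(path, NS)]
    if not names:
        findings.append("no attributes in the assertion, nothing to map to an operator")
    return findings, names

def build_sample(destination, attribute_names):
    """Build a constructed, unsigned response for offline testing."""
    attrs = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>x</saml:AttributeValue>'
        "</saml:Attribute>" % n for n in attribute_names)
    stmt = "<saml:AttributeStatement>%s</saml:AttributeStatement>" % attrs if attrs else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s">'
           "<saml:Assertion>%s</saml:Assertion></samlp:Response>"
           % (NS["samlp"], NS["saml"], destination, stmt))
    return base64.b64encode(xml.encode()).decode()

# Constructed sample data: placeholder host and path, not values from the article.
ACS_URL = "https://pega.example.test/prweb/acs-placeholder"
BAD = build_sample("http://pega.example.test/prweb/acs-placeholder", [])
GOOD = build_sample(ACS_URL, ["uid"])

if __name__ == "__main__":
    for label, sample in (("bad", BAD), ("good", GOOD)):
        print(label, diagnose_saml_response(sample, ACS_URL))
```

The attribute names it reports are the ones available for mapping in the SAML authentication service.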

Published May 15, 2017 - Updated October 8, 2020
