SSO SAML2.0 not working
Summary
SAML SSO 2.0 is not working with Pega 7.2.2.

Error Messages
On the user interface:
Unable to process the SAML WebSSO request : 1

In the logs:
Running step 14_circum0
2017-04-12 10:20:09,000 [ httpexec-69] [ STANDARD] [ ] [ SAG:01.01.01] (Admin_Security_SSO_SAML.Action) DEBUG |Rest|WebSSO|SAML|AssertionConsumerService|A75A2B6D6C87C9664F56C20F5C9C5DA4F - Running step 15_circum0
2017-04-12 10:20:09,000 [ httpexec-69] [ STANDARD] [ ] [ SAG:01.01.01] (Admin_Security_SSO_SAML.Action) ERROR |Rest|WebSSO|SAML|AssertionConsumerService|A75A2B6D6C87C9664F56C20F5C9C5DA4F - Error while executing the Assertion Consumer Service activity : 1

Second error after fixing the first one:
Caught Exception while processing SAML2 Authentication response
com.pega.pegarules.pub.PRRuntimeException: No attribute statements found in the SAML Response,Unable to deduce an operator record for further processing

Steps to Reproduce
1. Configure SAMLAUTH.
2. Try to log in with <your server address>/prweb/sso.
3. Provide proper credentials.

Root Cause
The user was using http instead of https in the ACS URL, which they were invoking as POST.
Once that was corrected, the first error was resolved, but on submitting credentials from the SSO URL the Assertion service was called repeatedly in an infinite loop.
The pySAMLWebSSOAuthenticationActivity was modified and pxReqContextURI of the pxRequestor page was hardcoded to the https URL used.
After this, the looping issue was resolved, but the second error mentioned above was encountered.
The logs showed that no attribute mapping had been done, which caused the error.

Resolution
After getting the attribute from the IdP server and mapping it in the SAML authentication service, the issue is resolved and SSO works fine.
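
Both root causes can be checked on a captured SAMLResponse before touching the Pega configuration. The following script is an added example, not Pega code: it decodes the base64 form value and reports an http or mismatched Destination and a missing AttributeStatement. The ACS URL, the attribute name `uid` and the sample responses are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder ACS URL (assumption); use the value registered with the IdP.
EXPECTED_ACS = "https://sp.example.com/acs"


def diagnose_saml_response(b64_response, expected_acs=EXPECTED_ACS):
    """Return (findings, attribute_names) for a base64 SAMLResponse form value.

    Diagnostic only: it does not verify signatures, conditions or audience.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    destination = root.get("Destination", "")
    if urlparse(destination).scheme != "https":
        findings.append("Destination is not https: " + destination)
    if destination != expected_acs:
        findings.append("Destination differs from the ACS URL " + expected_acs)
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    if not attrs:
        findings.append("no AttributeStatement, so no attribute can be mapped")
    return findings, [a.get("Name") for a in attrs]


def build_sample(destination, with_attribute):
    """Build a constructed, unsigned SAMLResponse for the checks above."""
    attr = ('<saml:AttributeStatement><saml:Attribute Name="uid">'
            '<saml:AttributeValue>jdoe</saml:AttributeValue>'
            '</saml:Attribute></saml:AttributeStatement>') if with_attribute else ""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="%s">'
           '<saml:Assertion><saml:Subject><saml:NameID>jdoe</saml:NameID>'
           '</saml:Subject>%s</saml:Assertion></samlp:Response>')
    return base64.b64encode((xml % (destination, attr)).encode())


if __name__ == "__main__":
    # Constructed inputs: the misconfigured case, then the corrected one.
    for dest, has_attr in (("http://sp.example.com/acs", False),
                           (EXPECTED_ACS, True)):
        findings, names = diagnose_saml_response(build_sample(dest, has_attr))
        print(dest, findings or "OK", names)
```
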
Published April 26, 2017 - Updated May 15, 2017