SSO setup with SAML 2.0 fails
Unable to process SAML2 Authentication response : Caught Exception while validating SAML2 Authentication response protocol : Received SAML token with invalid status code : urn:oasis:names:tc:SAML:2.0:status:Requester
With SAML-tracer you can observe that the authentication request sent to PingOne is malformed, and PingOne returns this SAML status in its response:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />
<samlp:StatusMessage>Request was invalid XML</samlp:StatusMessage>
<Cause>com.pingidentity.common.util.xml.InvalidXmlException: Invalid XML - errors: [error: cvc-datatype-valid.1.1: string value '_k+3Svd26lclY9qXt2Qst7rh9KGE=' does not match pattern for xs:ID]</Cause>
Steps to Reproduce
Execute SSO setup with SAML 2.0 using PingOne.
The root cause of this problem is a defect in Pegasystems' code/rules: the AuthnRequest is sent with an improperly formed ID attribute. That attribute is typed xs:ID, which must be an XML NCName (it starts with a letter or underscore and contains only letters, digits, '.', '-' and '_'). The "+" in the generated ID (and likewise the trailing "=") is not permitted, so the request is well-formed XML but fails PingOne's schema validation, which is what the "Request was invalid XML" message reports.
This issue is resolved by HFix-20958, which uses the OpenSAML API instead of the UUID-based routine to generate the random IDs for all types of WebSSO requests.
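The check below is an added example, not Pega's or PingOne's code: it validates a SAML request ID against the ASCII subset of the NCName production, reports which characters offend, parses a constructed AuthnRequest carrying the ID from the error above, and generates a replacement ID in the underscore-plus-hex shape that OpenSAML's random identifier strategy produces. The request text, the ACS URL and the function names are assumptions made for the example.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# ASCII subset of the XML NCName production, which is what xs:ID requires.
# The full production also admits many non-ASCII letters, but SAML request
# IDs are conventionally ASCII, so this subset is the relevant one here.
_NCNAME_ASCII = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")


def is_valid_xs_id(value: str) -> bool:
    """True if value is acceptable as an xs:ID (ASCII NCName subset)."""
    return bool(_NCNAME_ASCII.match(value))


def xs_id_problems(value: str) -> list[str]:
    """Human-readable reasons why value is not a valid xs:ID (empty if valid)."""
    problems = []
    if not value:
        return ["empty"]
    if not re.match(r"[A-Za-z_]", value[0]):
        problems.append(f"first character {value[0]!r} is not a letter or underscore")
    # Base64 output ('+', '/', '=') is the usual source of these.
    bad = sorted({c for c in value if not re.match(r"[A-Za-z0-9._-]", c)})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


def generate_request_id(num_bytes: int = 16) -> str:
    """Random ID in the shape OpenSAML's SecureRandomIdentifierGenerationStrategy
    emits: an underscore prefix (a digit may not start an NCName) followed by hex,
    which never contains '+', '/' or '='."""
    return "_" + secrets.token_hex(num_bytes)


SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed AuthnRequest carrying the exact ID quoted in the PingOne error.
# It is well-formed XML; only schema validation of the ID attribute fails.
BAD_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}"
    ID="_k+3Svd26lclY9qXt2Qst7rh9KGE=" Version="2.0"
    IssueInstant="2020-01-01T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.com/saml/acs"/>"""


def check_authn_request(xml_text: str) -> tuple[str, bool, list[str]]:
    """Parse an AuthnRequest and return (ID, is_valid, problems)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    request_id = root.get("ID", "")
    return request_id, is_valid_xs_id(request_id), xs_id_problems(request_id)


def fix_authn_request(xml_text: str) -> str:
    """Return the request with its ID replaced by a freshly generated valid one."""
    root = ET.fromstring(xml_text)
    root.set("ID", generate_request_id())
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    rid, ok, why = check_authn_request(BAD_AUTHN_REQUEST)
    print(f"{rid}: valid={ok} {why}")
    rid, ok, why = check_authn_request(fix_authn_request(BAD_AUTHN_REQUEST))
    print(f"{rid}: valid={ok} {why}")
```

Running this against a request captured with SAML-tracer before opening a support case tells you immediately whether the ID, rather than the signature or the destination, is what the IdP is rejecting.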