Question
ADFS 3.0 does not recognize Pega SAML request signature
ADFS does not support the SHA-1 algorithm used by Pega, so ADFS refuses the Pega authentication request on Pega Platform 7.4.
Errors on ADFS side:
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureAlgorithmMismatchException: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
Error on Pega side:
Unable to process the SAML WebSSO request : Caught Exception while validating SAML2 Authentication response protocol : Received SAML token with invalid status code : urn:oasis:names:tc:SAML:2.0:status:Responder
There are 2 hotfixes available for this in Pega 7.3.1: Hfix-42004 and HFix-42747.
If you need the same hotfixes for Pega 7.4, please log an SR with GCS.
This is planned to be fixed in the upcoming release.
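
The following added example (not part of the original thread, and not Pega or Microsoft code) reads the signature algorithm out of a captured SAML AuthnRequest for both the HTTP-Redirect and HTTP-POST bindings, so you can check what a request is signed with before ADFS rejects it with MSIS7093. The sample request, the host name and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = DS + "rsa-sha1"                                        # algorithm ADFS reported receiving
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # algorithm ADFS expected

def sigalg_from_redirect(url):
    """HTTP-Redirect binding: the algorithm is the SigAlg query parameter."""
    values = parse_qs(urlsplit(url).query).get("SigAlg")
    return values[0] if values else None

def sigalg_from_post(saml_request_b64):
    """HTTP-POST binding: the algorithm is ds:SignatureMethod inside the XML."""
    # Intended for messages you captured yourself; use a hardened XML parser
    # if the input is untrusted.
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    node = root.find(f".//{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod")
    return node.get("Algorithm") if node is not None else None

def classify(algorithm, expected=RSA_SHA256):
    """Return 'unsigned', 'ok' or 'mismatch' (the MSIS7093 condition)."""
    if algorithm is None:
        return "unsigned"
    return "ok" if algorithm == expected else "mismatch"

# Constructed sample inputs (not captured traffic; the host name is a placeholder).
SAMPLE_XML = f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2018-01-01T00:00:00Z">
  <ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{RSA_SHA1}"/>
  </ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
</samlp:AuthnRequest>"""
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode()).decode()
SAMPLE_REDIRECT = "https://adfs.example.test/adfs/ls/?" + urlencode(
    {"SAMLRequest": "CONSTRUCTED", "SigAlg": RSA_SHA1, "Signature": "CONSTRUCTED"})

if __name__ == "__main__":
    for name, alg in (("POST", sigalg_from_post(SAMPLE_POST)),
                      ("Redirect", sigalg_from_redirect(SAMPLE_REDIRECT))):
        print(f"{name}: {alg} -> {classify(alg)}")
```

To use it on real traffic, pass the `SAMLRequest` form field from a browser SAML trace to `sigalg_from_post`, or the full redirect URL to `sigalg_from_redirect`.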