Question

3
Replies
374
Views
Close popover
Ken Leung (KenL7169)
Vistra Hong Kong Ltd

Vistra Hong Kong Ltd
HK
View ProfileSend Message
KenL7169 Member since 2018 2 posts
Vistra Hong Kong Ltd
Posted: September 4, 2018
Last activity: September 7, 2018
Closed

ADFS 3.0 does not recognize Pega SAML request signature

ADFS does not support the SHA-1 algorithm used by Pega. So ADFS refuses Pega authentication request on Pega Platform 7.4

Errors on ADFS side:

Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureAlgorithmMismatchException: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

Errror on Pega side:

Unable to process the SAML WebSSO request : Caught Exception while validating SAML2 Authentication response protocol : Received SAML token with invalid status code : urn:oasis:names:tc:SAML:2.0:status:Responder

Pega Platform Security
Close popover
Moderation Team has archived post
Posted: 2 years ago
Updated: 2 years ago
Close popover
Ajay Rangarh (AjayRangarh)
PEGA
Senior Technical Solutions Engineer
Pegasystems Inc.
IN
View ProfileSend Message

There are 2 hotfixes available for this in Pega 7.3.1:  Hfix-42004 and HFix-42747.  


In case you'd need the same hotfixes for Pega 7.4 - Please log a SR with GCS.


This is planned to be fixed in the upcoming release.

Posted: 2 years ago
Updated: 2 years ago
Close popover
Ajay Rangarh (AjayRangarh)
PEGA
Senior Technical Solutions Engineer
Pegasystems Inc.
IN
View ProfileSend Message

My bad. Yes, if you upgrade to our upcoming release of Pega Infinity, the issue won't be observed.


However, if you want the fix on Pega 7.4, you will have to contact GCS Support to get the changes ported.
Share this page Share via LinkedIn Copying...
Copied!