ADFS 3.0 does not recognize Pega SAML request signature
ADFS does not support the SHA-1 algorithm used by Pega. So ADFS refuses Pega authentication request on Pega Platform 7.4
Errors on ADFS side:
Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureAlgorithmMismatchException: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
Errror on Pega side:
Unable to process the SAML WebSSO request : Caught Exception while validating SAML2 Authentication response protocol : Received SAML token with invalid status code : urn:oasis:names:tc:SAML:2.0:status:Responder
Do you mean this will be fixed after upgraded up to version 7.5?
My bad. Yes, if you upgrade to our upcoming release of Pega Infinity, the issue won't be observed.
However, if you want the fix on Pega 7.4, you will have to contact GCS Support to get the changes ported.
There are 2 hotfixes available for this in Pega 7.3.1: Hfix-42004 and HFix-42747.
In case you'd need the same hotfixes for Pega 7.4 - Please log a SR with GCS.
This is planned to be fixed in the upcoming release.