Question

4
Replies
1477
Views
MaartenBPM Member since 2013 11 posts
BPM Company
Posted: July 6, 2018
Last activity: September 19, 2018
Closed

Issue while setting up SAML authentication: ArrayIndexOutOfBoundsException in java method populatePOSTBodyParams / processSSOResponse

Issue

We are setting up SAML authentication in Pega 7.4.0 with an external Identity Provider on Dev environment. Pega succesfully routes the user to the identity provider and the user also gets succesfully redirected back to the Service Provider (our Pega application).

Then the OOTB REST service AssertionConsumerService (for POST method) gives a 500 status code (Internal Server error). While analyzing, we found out that the OOTB service activity pzAssertionConsumerServiceV2Activity gives an ArrayIndexOutOfBoundsException in step 1. This activity only contains java:

SAMLUtils samlutils = pega.getSAMLUtils();
samlutils.processSSOResponse(tools, myStepPage);

The stack trace indicates the ArrayIndexOutOfBoundsException happens in java method populatePOSTBodyParams. We are a bit stuck now.

Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.populatePOSTBodyParams(SAMLv2ACSHandler.java:459) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.executePostBindingFlow(SAMLv2ACSHandler.java:368) ~[printegrint.jar:?]
at com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler.processSAMLResponse(SAMLv2ACSHandler.java:71) ~[printegrint.jar:?]
What we tried to find out the issue
- Enable service monitoring on the WebSSO to catch the incoming request (SAML assertion data) to the REST service. Use Base64 Decode + Inflate to see (partly) what was in the message;
- Enabled DEBUG logging on classes Rule_Obj_Activity.pzAssertionConsumerServiceV2Activity.Data_Admin_Security_SSO_SAML.Action and com.pega.pegarules.session.internal.mgmt.authentication. This gave no extra information;
- Run the REST service and then trace it. Seeing a FAIL on step 1 with message Error while executing SAML SSO flow : 1;
- Making some changes to the authentication service rule.
Any suggestions to debug this further?
***Edited by Moderator Marissa to update platform capability tags***
Data Integration Java and Activities Data Integration Security
Moderation Team has archived post
Share this page LinkedIn