Question

9
Replies
189
Views
TamasZ28 Member since 2015 2 posts
NN Biztosító Zrt
Posted: September 11, 2017
Last activity: October 16, 2018
Closed
Solved

problem with ADFS SSO after upgrading from 7.1.7 to 7.2.2

Hi,

We had configured SSO on our Pega 7.1.7 using ADFS and SAML2. (It had worked with two hotfixes.)

Recently we upgraded our PRPC from 7.1.7 to 7.2.2 and since then I see "Unable to process the SAML WebSSO request : The Response did not contain any Authentication Statement that matched the Subject Confirmation criteria" message on Pega page after trying to log in. The SAML request/response seems normal but those are encrypted.
These are the relevant rows from the Pega log:

2017-09-11 16:22:04,543 [ http-0.0.0.0:8543-3] [          ] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152  - Requestor A89A1FEB10AA1950BFC2585C9F5956394 is reserved by current thread 
2017-09-11 16:22:04,552 [ http-0.0.0.0:8543-3] [          ] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152  - A89A1FEB10AA1950BFC2585C9F5956394 is added to memory map 
2017-09-11 16:22:04,557 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,563 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,591 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,596 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,621 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,627 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService  - doWithRequestorLocked(); Requestor: A89A1FEB10AA1950BFC2585C9F5956394; Lock released 
2017-09-11 16:22:04,633 [ http-0.0.0.0:8543-3] [  STANDARD] [                    ] (pega.TRACE.requestor_lifecycle) DEBUG pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService  - New Requestor A89A1FEB10AA1950BFC2585C9F5956394 is created 
2017-09-11 16:22:04,658 [ http-0.0.0.0:8543-3] [  STANDARD] [     PegaRULES:07.10] (Admin_Security_SSO_SAML.Action) ERROR pppegadev.hu.cre.insim.biz|10.83.171.152|Rest|WebSSO|SAML|AssertionConsumerService|A89A1FEB10AA1950BFC2585C9F5956394  - Error while executing the Assertion Consumer Service activity : The Response did not contain any Authentication Statement that matched the Subject Confirmation criteria 

Any suggestions, please?

Regards,
Tamas

***Updated by moderator: Lochan to add SR details***

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Security System Administration SR Created
Moderation Team has archived post
Share this page LinkedIn