BillC931 Member since 2017 3 posts
Atesis Pty Ltd
Posted: 2 years ago
Last activity: 2 years 4 months ago
Closed
Solved

SAML WebSSO SHA1 issue with ADFS

Hi,

I am trying to configure Desktop SSO between Pega (SP) and ADFS (IDP) but am getting the following error:
Unable to process the SAML WebSSO request : The Response did not contain any Authentication Statement that matched the Subject Confirmation criteria

I can see in the logs that the SAML Web SSO Authentication Activity (Step: AuthService.pySAMLWebSSO) is generating a SAML request with a SHA1 signature:
Generated authentication request : <saml2p:AuthnRequest....<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

But ADFS is generating a SHA256 signature method response.

Is there any way to configure Pega such that it uses a "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" signature method algorithm?

The method samlutils.createAuthenticationRequest passes in a Data-Admin-Security-SSO-SAML class type, but there is no property to set the signature method algorithm.

Thanks,

Bill

***Updated by moderator: Lochan to tag SR to post***

Security SR Created
Moderation Team has archived post
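
One way to confirm which signature and digest algorithms a logged SAML message declares, as in the log check described in the post above. This is an added example, not part of the original post and not Pega or ADFS code; the sample AuthnRequest is constructed and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 based algorithm identifiers defined by XML-DSig.
SHA1_ALGS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1", DS + "sha1"}

# Constructed sample shaped like the AuthnRequest quoted from the log.
SAMPLE_REQUEST = f"""<saml2p:AuthnRequest ID="_constructed1" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="{DS}">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
      <ds:Reference URI="#_constructed1">
        <ds:DigestMethod Algorithm="{DS}sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</saml2p:AuthnRequest>"""

def load_saml_xml(message: str) -> ET.Element:
    """Parse raw XML or a base64 (HTTP-POST binding) SAML message."""
    text = message.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text, validate=True).decode("utf-8")
    # SAML messages never need a DTD; refuse it to avoid entity expansion.
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DTD not allowed in a SAML message")
    return ET.fromstring(text)

def signature_algorithms(message: str):
    """Return (element, algorithm URI, is_sha1) for every ds:Signature found."""
    findings = []
    for sig in load_saml_xml(message).iter(f"{{{DS}}}Signature"):
        for tag in ("SignatureMethod", "DigestMethod"):
            for el in sig.iter(f"{{{DS}}}{tag}"):
                alg = el.get("Algorithm", "")
                findings.append((tag, alg, alg in SHA1_ALGS))
    return findings

if __name__ == "__main__":
    for tag, alg, weak in signature_algorithms(SAMPLE_REQUEST):
        print(f"{tag}: {alg} {'(SHA-1)' if weak else ''}")
```

Running the same function over both the request and the IdP response shows whether the two sides declare different algorithms; it only reads the declared identifiers and does not validate the signature.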