Question

10
Replies
2801
Views
TamasZ28 Member since 2015 2 posts
NN Biztosító Zrt
Posted: 4 years ago
Last activity: 4 years 7 months ago
Closed
Solved

setting SSO usign ADFS

Hi,

Please help me in setting SSO in Pega 7.1.7 using SAML2 with MS ADFS as IdP.

 

I created an Authentication Service in Pega called SAMLAuth1 and our AD admin could add the PEGA server as a trust relay party at ADFS server using the SP metadata from Pega.

I could imported the IdP metadata from ADFS to our Pega server too.

But after I tried to log in our Pega /prweb/sso1 url I redirected to our ADFS server and got error message. On Pega log I did not see any error message.

I tried with SAML tracer Firefox plugin, and there was only SAML AuthnRequest message and no response.

Could you help me with some screenshots how the ADFS side should be configured? Should it be work with 7.1.7 version of Pega?

At ADFS side there was this error message in the log:

Exception details: 

System.Xml.XmlException: MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid. ---> System.ArgumentException: ID4128: The value is not a valid SAML ID.

Parameter name: value ---> System.Xml.XmlException: The '/' character, hexadecimal value 0x2F, cannot be included in a name.
   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
   at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
   at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader)
   at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
   at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
   at Microsoft.IdentityServer.Protocols.Saml.HttpPostSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
   at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


System.ArgumentException: ID4128: The value is not a valid SAML ID.

Parameter name: value ---> System.Xml.XmlException: The '/' character, hexadecimal value 0x2F, cannot be included in a name.
   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
   at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)


System.Xml.XmlException: The '/' character, hexadecimal value 0x2F, cannot be included in a name.

   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)

Security
Moderation Team has archived post
Share this page LinkedIn