Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Ken Leung (KenL7169)
Vistra Hong Kong Ltd

Vistra Hong Kong Ltd
HK
KenL7169 Member since 2018 2 posts
Vistra Hong Kong Ltd
Posted: Sep 4, 2018
Last activity: Sep 7, 2018
Posted: 4 Sep 2018 0:38 EDT
Last activity: 7 Sep 2018 3:59 EDT
Closed

ADFS 3.0 does not recognize Pega SAML request signature

ADFS does not support the SHA-1 algorithm used by Pega. So ADFS refuses Pega authentication request on Pega Platform 7.4

Errors on ADFS side:

Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureAlgorithmMismatchException: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

Errror on Pega side:

Unable to process the SAML WebSSO request : Caught Exception while validating SAML2 Authentication response protocol : Received SAML token with invalid status code : urn:oasis:names:tc:SAML:2.0:status:Responder

To see attachments, please log in.
Pega Platform
Security

Posted: 6 years ago
Updated: 6 years ago
Posted: 6 Sep 2018 18:34 EDT
Updated: 7 Sep 2018 3:56 EDT
Ajay Rangarh (Ajay_Rangarh)
Instellars
Consultant
Instellars
IN

There are 2 hotfixes available for this in Pega 7.3.1:  Hfix-42004 and HFix-42747.  

In case you'd need the same hotfixes for Pega 7.4 - Please log a SR with GCS.

This is planned to be fixed in the upcoming release.

To see attachments, please log in.
Posted: 6 years ago
Updated: 6 years ago
Posted: 6 Sep 2018 18:37 EDT
Updated: 7 Sep 2018 3:59 EDT
Ajay Rangarh (Ajay_Rangarh)
Instellars
Consultant
Instellars
IN

My bad. Yes, if you upgrade to our upcoming release of Pega Infinity, the issue won't be observed.

However, if you want the fix on Pega 7.4, you will have to contact GCS Support to get the changes ported.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice