Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Murari DurgaPrasad (MurariD0)
Bank Of America

Bank Of America
IN
MurariD0 Member since 2021 2 posts
Bank Of America
Posted: Jul 20, 2022
Last activity: Jul 21, 2022
Posted: 20 Jul 2022 8:46 EDT
Last activity: 21 Jul 2022 5:42 EDT
Closed

Failed while executing the SAML auth flow

 
Issue 1 ::

2022-07-13 08:51:09,744 [jsse-nio-443-exec-16] [  STANDARD] [                    ] [    NBIUWWB:02.02.01] ( auth.saml.SAMLResponseHandler) ERROR workbench.nbfc.com| Proprietary information hidden|RelayStateID: fc1872b7-f971-470b-8bc8-3912f8a315e2 :RelayStateID HJREEJTR9OQ4VIAXU6IYAVISH3PN0HYW1A  - Failed while executing the SAML auth flow.;com.pega.pegarules.pub.PRRuntimeException: Possible case of replay attack , so cannot proceed further ; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.validateRelayStateID(SAMLResponseHandler.java:99) ~[printegrint.jar:?]; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.handleSAMLResponse(SAMLResponseHandler.java:77) ~[printegrint.jar:?]; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.authenticate(SAMLResponseHandler.java:63) ~[printegrint.jar:?]; at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRAuth.authenticateOperator(SchemePRAuth.java:305) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:511) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.performAuthentication(HTTPAuthenticationHandler.java:257) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.doHttpReqAuthentication(HTTPAuthenticationHandler.java:100) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface
Show More 
Issue 1 ::

2022-07-13 08:51:09,744 [jsse-nio-443-exec-16] [  STANDARD] [                    ] [    NBIUWWB:02.02.01] ( auth.saml.SAMLResponseHandler) ERROR workbench.nbfc.com| Proprietary information hidden|RelayStateID: fc1872b7-f971-470b-8bc8-3912f8a315e2 :RelayStateID HJREEJTR9OQ4VIAXU6IYAVISH3PN0HYW1A  - Failed while executing the SAML auth flow.;com.pega.pegarules.pub.PRRuntimeException: Possible case of replay attack , so cannot proceed further ; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.validateRelayStateID(SAMLResponseHandler.java:99) ~[printegrint.jar:?]; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.handleSAMLResponse(SAMLResponseHandler.java:77) ~[printegrint.jar:?]; at com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.authenticate(SAMLResponseHandler.java:63) ~[printegrint.jar:?]; at com.pega.pegarules.session.internal.mgmt.authentication.SchemePRAuth.authenticateOperator(SchemePRAuth.java:305) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.mgmt.authentication.Authentication.doAuthentication(Authentication.java:511) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.performAuthentication(HTTPAuthenticationHandler.java:257) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HTTPAuthenticationHandler.doHttpReqAuthentication(HTTPAuthenticationHandler.java:100) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.handleAuthentication(HttpAPI.java:2927) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:617) ~[prenginext.jar:?]; at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:443) ~[prenginext.jar:?]; at sun.reflect.GeneratedMethodAccessor118.invoke(Unknown Source) ~[?:?]; at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_131]; at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_131]; at com.pega.pegarules.session.internal.PRSessionProviderImpl.performTargetActionWithLock(PRSessionProviderImpl.java:1391) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:1123) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:977) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequest(EngineAPI.java:368) ~[prenginext.jar:?]; at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.invoke(HttpAPI.java:930) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl._invokeEngine_privact(EngineImpl.java:338) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:282) ~[prprivate-session.jar:?]; at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:259) ~[prprivate-session.jar:?]; at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngineInner(JNDIEnvironment.java:281) ~[prpublic.jar:?]; at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngine(JNDIEnvironment.java:226) ~[prpublic.jar:?]; at com.pega.pegarules.web.impl.WebStandardImpl.invokeEngine(WebStandardImpl.java:837) ~[prwebj2ee.jar:?]; at com.pega.pegarules.web.impl.WebStandardImpl.makeEtierRequest(WebStandardImpl.java:797) ~[prwebj2ee.jar:?]; at com.pega.pegarules.web.impl.WebStandardImpl.doPostInner(WebStandardImpl.java:420) ~[prwebj2ee.jar:?]; at sun.reflect.GeneratedMethodAccessor113.invoke(Unknown Source) ~[?:?]; at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:1.8.0_131]; at java.lang.reflect.Method.invoke(Unknown Source) ~[?:1.8.0_131]; at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethod(PRBootstrap.java:388) ~[prbootstrap-8.6.2-382.jar:8.6.2-382]; at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethodPropagatingThrowable(PRBootstrap.java:430) ~[prbootstrap-8.6.2-382.jar:8.6.2-382]; at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethodPropagatingThrowable(AppServerBridgeToPega.java:225) ~[prbootstrap-api-8.6.2-382.jar:8.6.2-382]; at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethod(AppServerBridgeToPega.java:274) ~[prbootstrap-api-8.6.2-382.jar:8.6.2-382]; at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doPost(WebStandardBoot.java:164) ~[prbootstrap-api-8.6.2-382.jar:8.6.2-382]; at javax.servlet.http.HttpServlet.service(HttpServlet.java:681) ~[servlet-api.jar:4.0.FR]; at com.pega.pegarules.internal.web.servlet.WebStandardBoot.service(WebStandardBoot.java:191) ~[prbootstrap-api-8.6.2-382.jar:8.6.2-382]; at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) ~[servlet-api.jar:4.0.FR]; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.58]; at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.58]; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[catalina.jar:9.0.58]; at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[catalina.jar:9.0.58]; at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.58]; at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[catalina.jar:9.0.58]; at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359) ~[catalina.jar:9.0.58]; at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-coyote.jar:9.0.58]; at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.58]; at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889) ~[tomcat-coyote.jar:9.0.58]; at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735) ~[tomcat-coyote.jar:9.0.58]; at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.58]; at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.58]; at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.58]; at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.58]; at java.lang.Thread.run(Unknown Source) [?:1.8.0_131];

Hi ,

 

We are getting below error in production for SAML auth. Could you please help us any solution.

 

Failed while executing the SAML auth flow.;com.pega.pegarules.pub.PRRuntimeException: Possible case of replay attack , so cannot proceed further

 

Any help is appreciated.

 

Thanks & Regards,

Murari.

 

Show Less
To see attachments, please log in.
Pega Platform 8.6.2
Security
Insurance
System Architect

Posted: 2 years ago
Posted: 21 Jul 2022 5:42 EDT
Kaustav Dutta (KAUSTAV.DUTTA)
Accenture
Senior Architect
Accenture
AU

@MurariD0This message is most common when SAML login url's are bookmarked / reused or when the logoff directive is not properly set. Check that Logout location in the Authentication Service rule is it set or is it blank , if it's set try blanking it out and then retry. You could also use SAML tracer (chrome plugin) to trace the SAML requests . 

To see attachments, please log in.
  • Murari DurgaPrasad Kaustav Dutta PRIYADHARSHINI GS

Related content:

Question

Failed while executing the SAML auth flow.;com.pega.pegarules.pub.PRRuntimeException: Error authenticating user, contact administr

Question

SAML Auth no match Error message

Question

Failed while execting the saml auth flow the page or property operatorid.pyuseridentifer is read only and cannot be modified.

Question

SAML Auth Service attributes in acivity pySAMLWebSSOAuthenticationActivity

Question

Getting error "SAML signature validation failed" while updating a SSO certificate

Question Solved

SSO SAML Auth service Post activity not triggered

Question

Failed to construct kafka consumer. javax.security.auth.login.FailedLoginException

Question Solved

SSO(OIDC) Error "Error while executing OIDB flow

Question

SAML 2.0 Auth Service migration

Question Solved

Fail the Requestor during SAML Authentication

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice