I am trying to configure Desktop SSO between Pega (SP) and ADFS (IdP) but am getting the following error:
Unable to process the SAML WebSSO request : The Response did not contain any Authentication Statement that matched the Subject Confirmation criteria
I can see in the logs that the SAML Web SSO Authentication Activity (Step: AuthService.pySAMLWebSSO) is generating a SAML request with a SHA1 signature:
Generated authentication request : <saml2p:AuthnRequest....<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
But ADFS is generating a SHA256 signature method response.
We are on Pega Cloud 7.3.1. There is a bug in the product. We got this response from Pega:
Here is an existing hotfix-42004 as DL-83609.
Made the required code changes in the sign() method of SAMLPostBindingHandler.java.
Previously the signature algorithm was hard-coded. Now we get the signature algorithm from the SP certificate.
(Please use the RSA-SHA256 algorithm for the SP certificate.)
Please install the DL file using Hotfix Manager; a restart is required.
However, this has only partially resolved the issue. We also need a fix for the logout request. Currently with Pega support. Will post the update when I hear back from them.
Posted: 27 Apr 2018 16:20 EDT
Marissa Rogers (MarissaRogers)
Principal Knowledge Management Specialist
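As an added illustration (not code from the post, from Pega or from ADFS), a small Python checker that reports the ds:SignatureMethod used in a SAML message, so the SHA1/SHA256 mismatch described above can be spotted in captured requests and responses, and that derives the XMLDSig URI from an SP certificate's signature algorithm name, as the hotfix is described as doing. The two sample messages and the certificate-algorithm mapping are constructed for the example.

```python
"""Check the signature algorithm advertised in SAML messages (constructed example)."""
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Certificate signature algorithm name (as OpenSSL prints it) -> XMLDSig URI.
# Assumed mapping for the example; extend it for the algorithms your SP uses.
CERT_SIGALG_TO_URI = {
    "sha1WithRSAEncryption": RSA_SHA1,
    "sha256WithRSAEncryption": RSA_SHA256,
}

def signature_algorithms(saml_xml: str) -> list:
    """Return every ds:SignatureMethod Algorithm URI found in the message."""
    root = ET.fromstring(saml_xml)
    return [el.get("Algorithm") for el in root.iter(f"{{{DS_NS}}}SignatureMethod")]

def uses_weak_signature(saml_xml: str) -> bool:
    """True when any signature in the message still uses RSA-SHA1."""
    return any(alg == RSA_SHA1 for alg in signature_algorithms(saml_xml))

def uri_for_cert_signature(cert_sig_alg: str) -> str:
    """Pick the XMLDSig URI that matches the SP certificate's signature algorithm."""
    try:
        return CERT_SIGALG_TO_URI[cert_sig_alg]
    except KeyError:
        raise ValueError(f"unsupported certificate signature algorithm: {cert_sig_alg}")

# Constructed, minimal messages: SP request signed with SHA1, IdP response with SHA256.
SP_REQUEST = """<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_req1">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
</saml2p:AuthnRequest>"""

IDP_RESPONSE = SP_REQUEST.replace("AuthnRequest", "Response").replace(
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")

if __name__ == "__main__":
    print("SP request:", signature_algorithms(SP_REQUEST), "weak:", uses_weak_signature(SP_REQUEST))
    print("IdP response:", signature_algorithms(IDP_RESPONSE), "weak:", uses_weak_signature(IDP_RESPONSE))
    print("sha256WithRSAEncryption ->", uri_for_cert_signature("sha256WithRSAEncryption"))
```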