UMP configured with SAML against ADFS 2 fails with error 'Unable to process SAML request'

Document ID:  TEC1436983
Last Modified Date:  07/07/2017

Products

  • CA Unified Infrastructure Management

Releases

  • CA Unified Infrastructure Management:Release:8.51

Components

  • UIM - UMP:UIMUMP

Issue:

After configuring UMP to use SAML authentication, attempting to log in to the system with a SAML account displays the error 'Unable to process SAML request'.

Environment:

UIM 8.51

Cause:

This issue can be caused by the lack of an escape character (\) before colon characters in a UMP configuration file.

The following error is logged in portal.log:

org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.xml.security.SecurityException: java.security.UnrecoverableKeyException: requested entry requires a password

Resolution:

To resolve this problem, deactivate the wasp probe and edit the portal-ext.properties file.

If any configuration setting in this file contains a colon, the colon should always be escaped with a backslash.

 

In this example (the rule is not restricted to these sample parameters), change the settings:

FROM

saml.keystore.credential.password[http://url.domain.com/sp]=my:password

saml.entity.id=http://url.domain.com/sp 

saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust 

 

TO

saml.keystore.credential.password[http\://url.domain.com/sp]=my\:password

saml.entity.id=http\://url.domain.com/sp 

saml.sp.default.idp.entity.id=http\://SERVER.domain.com/adfs/services/trust 
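
A check for the escaping rule above, as an added example that is not part of the original article or of the product's tooling: it lists the settings in a properties file that still contain an unescaped colon and produces the escaped form of a line. It assumes `=` separates key and value as in the samples above; the function names are hypothetical and the sample text is constructed from the article's "FROM" lines.

```python
import re

# A colon is unescaped when an even number of backslashes (including zero) precedes it.
UNESCAPED_COLON = re.compile(r"(?<!\\)((?:\\\\)*):")

def escape_colons(line):
    """Return the line with every unescaped colon backslash-escaped (idempotent)."""
    return UNESCAPED_COLON.sub(r"\1\\:", line)

def audit(text):
    """Return (line_number, key, location) for each setting with an unescaped colon.

    Values are never returned, so keystore passwords do not end up in the report.
    Assumes '=' separates key and value, as in the article's examples.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, _, value = line.partition("=")
        where = [name for name, part in (("key", key), ("value", value))
                 if UNESCAPED_COLON.search(part)]
        if where:
            findings.append((number, key, "+".join(where)))
    return findings

# Constructed sample: the article's "FROM" settings plus one already-escaped line.
SAMPLE = """\
# SAML settings
saml.keystore.credential.password[http://url.domain.com/sp]=my:password
saml.entity.id=http://url.domain.com/sp
saml.sp.default.idp.entity.id=http\\://SERVER.domain.com/adfs/services/trust
"""

if __name__ == "__main__":
    for number, key, where in audit(SAMPLE):
        print(f"line {number}: unescaped colon in {where} of {key}")
```

Run `audit` on the contents of portal-ext.properties before reactivating the wasp probe; an empty result means no setting still contains an unescaped colon.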
