UMP configured with SAML against ADFS 2 fails with error 'Unable to process SAML request'

Document ID : KB000007363
Last Modified Date : 14/02/2018
Issue:

After configuring UMP to use SAML authentication, logging in with a SAML account fails and the error 'Unable to process SAML request' is displayed.


Environment:
UIM 8.51
Cause:

This issue can be caused by a missing escape character (\) before colon characters in a UMP configuration file. Java .properties files treat an unescaped colon as a key/value separator, so a key such as saml.keystore.credential.password[http://url.domain.com/sp] is cut off at the first colon and the keystore password for the service provider entry is never read.

The following error is logged in portal.log:

org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.xml.security.SecurityException: java.security.UnrecoverableKeyException: requested entry requires a password
Resolution:

To resolve this problem, deactivate the wasp probe and edit the portal-ext.properties file.

Every colon in a configuration setting in this file must be escaped with a backslash.


In the following example (the sample values are illustrative; the same change applies to any setting that contains a colon) the settings are changed:


FROM

saml.keystore.credential.password[http://url.domain.com/sp]=my:password

saml.entity.id=http://url.domain.com/sp

saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust

TO

saml.keystore.credential.password[http\://url.domain.com/sp]=my\:password

saml.entity.id=http\://url.domain.com/sp

saml.sp.default.idp.entity.id=http\://SERVER.domain.com/adfs/services/trust
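As an added example (not part of this KB article or of the UMP product), the Python script below reproduces how a Java .properties parser splits a key at the first unescaped colon, flags lines that still contain unescaped colons, and escapes them the way the resolution requires. The sample lines are constructed from the values shown above.

```python
import re

# Constructed sample resembling the settings in this article (not a real portal-ext.properties).
BROKEN = """\
saml.keystore.credential.password[http://url.domain.com/sp]=my:password
saml.entity.id=http://url.domain.com/sp
saml.sp.default.idp.entity.id=http://SERVER.domain.com/adfs/services/trust
"""

def parse_properties(text):
    """Minimal java.util.Properties-style parser: a key ends at the first
    unescaped '=', ':' or whitespace; a backslash escapes the next character."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, i = [], 0
        while i < len(line):
            ch = line[i]
            if ch == "\\" and i + 1 < len(line):   # escaped character: keep it literally
                key.append(line[i + 1])
                i += 2
                continue
            if ch in "=: \t":                       # unescaped separator ends the key
                break
            key.append(ch)
            i += 1
        rest = line[i:].lstrip(" \t")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t")
        props["".join(key)] = rest.replace("\\:", ":").replace("\\=", "=")
    return props

def find_unescaped_colons(text):
    """Return (line number, line) pairs containing a colon not preceded by a backslash."""
    return [(n, line) for n, line in enumerate(text.splitlines(), 1)
            if re.search(r"(?<!\\):", line)]

def escape_colons(text):
    """Escape every colon that is not already escaped, as the resolution requires."""
    return re.sub(r"(?<!\\):", r"\\:", text)

if __name__ == "__main__":
    for n, line in find_unescaped_colons(BROKEN):
        print(f"line {n}: unescaped colon in {line!r}")
    print("truncated key as parsed:", list(parse_properties(BROKEN))[0])
    print(escape_colons(BROKEN))
```

Run against the unescaped sample, the parser returns the truncated key saml.keystore.credential.password[http, which is why the keystore password lookup fails; after escape_colons the full key and the password my:password are recovered.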