Unable to get SAML authentication working for ACC through MOM IDP

Document ID : KB000101418
Last Modified Date : 14/06/2018
Issue:
Unable to get SAML authentication working for APM Command Center through the MOM IDP.
Environment:
APM 10.7.0.45 (GA)
Operating System: RHEL 7 x64
SAML 2.0
Cause:

Log Analysis:

16:02:26.028 - WARN [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:206] - Relying party 'com:ca:apm:acc' requested the response to be returned to endpoint with ACS URL 'https://CATecwWily04422.INT.CATEST.COM:8443/saml/SSO' and binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' however no endpoint, with that URL and using a supported binding, can be found in the relying party's metadata
16:02:26.029 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:448] - No return endpoint available for relying party com:ca:apm:acc

There appears to be a mismatch between the ACS URL in the authentication request and the ACS URL in the IdP metadata. The FQDN is uppercase in one of them.
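
To confirm this kind of mismatch, the ACS URL from the log line can be compared with the AssertionConsumerService entries in the relying party's metadata. The script below is an added example, not CA or Shibboleth code; the metadata snippet is constructed and assumes the metadata carries the lowercase host name, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed relying-party metadata (assumption: host name stored in lowercase).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="com:ca:apm:acc">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://catecwwily04422.int.catest.com:8443/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_endpoints(metadata_xml):
    """Return (binding, location) for every AssertionConsumerService element."""
    root = ET.fromstring(metadata_xml)
    return [(e.get("Binding"), e.get("Location"))
            for e in root.iter(MD_NS + "AssertionConsumerService")]


def normalise(url):
    """Lower-case scheme and host only; the path stays case-sensitive."""
    p = urlsplit(url)
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower()).geturl()


def diagnose(requested_url, requested_binding, metadata_xml):
    """Classify the requested ACS URL: 'match', 'case-mismatch' or 'no-endpoint'."""
    candidates = [loc for binding, loc in acs_endpoints(metadata_xml)
                  if binding == requested_binding]
    if requested_url in candidates:
        return "match"            # identical string registered for this binding
    if normalise(requested_url) in {normalise(c) for c in candidates}:
        return "case-mismatch"    # same endpoint, differs only in scheme/host case
    return "no-endpoint"          # nothing registered for this URL and binding


if __name__ == "__main__":
    # ACS URL exactly as it appears in the WARN line above.
    from_log = "https://CATecwWily04422.INT.CATEST.COM:8443/saml/SSO"
    print(diagnose(from_log, HTTP_POST, SAMPLE_METADATA))
```

A result of `case-mismatch` points to the host-name case issue described here; `no-endpoint` means the URL or binding differs in some other way and the metadata itself needs review.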

 
Resolution:
Add the following line to the ACC configuration file (config/apmccsrv.properties), then restart ACC:
 
authentication.central.entityBaseURL=https://catecwwily04422.int.catest.com:8443

 
Additional Information: