000038790 - Signature cryptographic validation not successful error for all RSA SecurID Access integrated Windows Authentication (IWA) attempts

Document created by RSA Customer Support Employee on Apr 29, 2020. Last modified by RSA Customer Support Employee on Apr 29, 2020.
Version 2

Article Content

Article Number: 000038790
Applies To: RSA Product Set: RSA SecurID Access
RSA Product/Service Type: Identity Router
 
Issue: End users are unable to log in to their Application Portal or perform SSO login to applications with IWA. Logging in with a username and password succeeds, so this is not an issue with the portal itself.

The User Event Monitor shows the following messages:
 
User ID: unknown
Description: Portal logon failed - Authentication failed.
Authentication Details: {"additionalText":"{MESSAGE=Idp login failed. There was trouble processing the idp request., USERID=unknown, USERNAME=unknown, NOT_AUTHNED_REASON=Unable to authenticate with the credentials you provided. Please try again., RESULT=NOT_AUTHENTICATED}"}


The following error is seen in the IDR logs:
 
ERROR com.symplified.platform.webservice.WebServiceApiSecurityUtils[268] - No Authorization header Present
.
.
.
Caused by: org.opensaml.xmlsec.signature.support.SignatureException: Signature cryptographic validation not successful
Cause: There is a mismatch between the certificate on the IWA server and the one uploaded for the IWA connection in the Cloud Administration Console.
Resolution: The customer must generate a new .pem and a corresponding .pfx and upload them. Alternatively, the steps shown in article 000035019 - Signature cryptographic validation not successful error for all RSA SecurID Access integrated Windows Authentication (IWA) attempts can be used to generate the new key pair from the Cloud Administration Console.
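
One way to confirm that a .pem and a .pfx really correspond before uploading them is to compare certificate fingerprints. This is an added example, not part of the RSA article or an RSA tool; it assumes the OpenSSL command line is installed, and the file names, password and function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a .pem certificate and a .pfx bundle match.
# File names and passwords are placeholders, not values from the article.

# SHA-256 fingerprint of the certificate in a PEM file ($1).
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate inside a PKCS#12 file.
# $1 = .pfx path, $2 = export password (passed via env, not argv).
pfx_fingerprint() {
    PFX_PASS="$2" openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# 0 = same certificate, 1 = mismatch, 2 = a file could not be read
# (wrong password, missing file, or not a certificate).
same_certificate() {
    pem_fp=$(pem_fingerprint "$1" 2>/dev/null)
    pfx_fp=$(pfx_fingerprint "$2" "$3" 2>/dev/null)
    if [ -z "$pem_fp" ] || [ -z "$pfx_fp" ]; then
        echo "cannot read a certificate from $1 or $2" >&2
        return 2
    fi
    if [ "$pem_fp" = "$pfx_fp" ]; then
        echo "match: $pem_fp"
        return 0
    fi
    echo "MISMATCH: pem=$pem_fp pfx=$pfx_fp" >&2
    return 1
}

# Constructed sample data: throwaway self-signed cert $2.pem and matching
# $2.pfx (password "constructed") written into directory $1.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.pem" \
        -out "$1/$2.pfx" -passout pass:constructed
}

# Usage: sh compare_cert.sh iwa.pem iwa.pfx 'pfx-password'
if [ "$#" -eq 3 ]; then
    same_certificate "$1" "$2" "$3"
fi
```

A mismatch result (exit status 1) corresponds to the condition described under Cause: the two files carry different certificates.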



 
