Attributes are missing from the SAML response sent by the RSA SecurID Access Identity Router to Microsoft AD FS
Originally Published: 2017-10-24
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: v1.5.4
Issue
The AuthnRequest and AuthnResponse can be viewed in the IDR's system log (downloaded as /var/log/symplified/symplified.log in the Identity Router Log Bundle). An example is:
2017-09-22/06:06:43.084/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[278] - Received inbound SAML 2 AuthNRequest: <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://sso.example.com/IdPServlet?idp_id=wejvzsgcrtko" ID="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:36.294Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest> 2017-09-22/06:06:43.098/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[330] - Generated response: <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://adfs.example.com/adfs/ls/" ID="okienljgaajaannmijdclpcipmjjffphnfoiinpp" InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:43.084Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wejvzsgcrtko</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#okienljgaajaannmijdclpcipmjjffphnfoiinpp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lwKlIplJlIfnprotr6CdmDQPtcc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE</ds:SignatureValue></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn" IssueInstant="2017-09-22T06:06:43.085Z" Version="2.0"><saml2:Issuer>wejvzsgcrtko</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Firstname.Lastname@example.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" NotOnOrAfter="2017-09-22T06:16:43.085Z" Recipient="https://adfs.example.com/adfs/ls/"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-09-22T06:01:43.085Z" NotOnOrAfter="2017-09-22T06:16:43.085Z"><saml2:AudienceRestriction><saml2:Audience>http://adfs.example.com/adfs/services/trust</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-09-22T06:06:43.085Z" SessionIndex="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
Cause
Workaround
Related Articles
SAML 2.0 response sent to the SP service causes an exception Number of Views RSA Announces RSA Authentication Agent 1.0.2 for Microsoft AD FS Number of Views RSA announces the release of RSA Authentication Agent 1.0.1 for Microsoft AD FS Number of Views Entitlements missing in PV_USER_DIRECT_ACCESS view in RSA Identity Governance & Lifecycle Number of Views RSA MFA Agent 3.0 for Microsoft AD FS Group Policy Object Template Guide (Japanese) Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
