Attributes are missing from the SAML response sent by the RSA SecurID Access Identity Router to Microsoft AD FS
Originally Published: 2017-10-24
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: v1.5.4
Issue
The AuthnRequest and AuthnResponse can be viewed in the IDR's system log (downloaded as /var/log/symplified/symplified.log in the Identity Router Log Bundle). An example is:
2017-09-22/06:06:43.084/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[278] - Received inbound SAML 2 AuthNRequest: <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://sso.example.com/IdPServlet?idp_id=wejvzsgcrtko" ID="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:36.294Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest> 2017-09-22/06:06:43.098/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[330] - Generated response: <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://adfs.example.com/adfs/ls/" ID="okienljgaajaannmijdclpcipmjjffphnfoiinpp" InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:43.084Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wejvzsgcrtko</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#okienljgaajaannmijdclpcipmjjffphnfoiinpp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lwKlIplJlIfnprotr6CdmDQPtcc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE</ds:SignatureValue></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn" IssueInstant="2017-09-22T06:06:43.085Z" Version="2.0"><saml2:Issuer>wejvzsgcrtko</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Firstname.Lastname@example.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" NotOnOrAfter="2017-09-22T06:16:43.085Z" Recipient="https://adfs.example.com/adfs/ls/"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-09-22T06:01:43.085Z" NotOnOrAfter="2017-09-22T06:16:43.085Z"><saml2:AudienceRestriction><saml2:Audience>http://adfs.example.com/adfs/services/trust</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-09-22T06:06:43.085Z" SessionIndex="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
Cause
Workaround
Related Articles
System.DllNotFoundException: Unable to load DLL 'km' Number of Views Example: SAML IdP for Cloud Access Service Assertion Number of Views Error occured in RSA Federated Identity Manger (FIM) 4.1 'Unable to verify the signature value' error when processing asse… Number of Views Activity Node Excludes Previous Approvers Without Exclusion Settings in RSA Governance & Lifecycle Number of Views Skyhigh Secure Web Gateway (Cloud using Browser Setting) - SAML Relying Party Configuration - RSA Ready Implementation Guide Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
