Attributes are missing from the SAML response sent by the RSA SecurID Access Identity Router to Microsoft AD FS
Originally Published: 2017-10-24
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: v1.5.4
Issue
The AuthnRequest and AuthnResponse can be viewed in the IDR's system log (downloaded as /var/log/symplified/symplified.log in the Identity Router Log Bundle). An example is:
2017-09-22/06:06:43.084/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[278] - Received inbound SAML 2 AuthNRequest: <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://sso.example.com/IdPServlet?idp_id=wejvzsgcrtko" ID="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:36.294Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest> 2017-09-22/06:06:43.098/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[330] - Generated response: <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://adfs.example.com/adfs/ls/" ID="okienljgaajaannmijdclpcipmjjffphnfoiinpp" InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:43.084Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wejvzsgcrtko</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#okienljgaajaannmijdclpcipmjjffphnfoiinpp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lwKlIplJlIfnprotr6CdmDQPtcc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE</ds:SignatureValue></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn" IssueInstant="2017-09-22T06:06:43.085Z" Version="2.0"><saml2:Issuer>wejvzsgcrtko</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Firstname.Lastname@example.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" NotOnOrAfter="2017-09-22T06:16:43.085Z" Recipient="https://adfs.example.com/adfs/ls/"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-09-22T06:01:43.085Z" NotOnOrAfter="2017-09-22T06:16:43.085Z"><saml2:AudienceRestriction><saml2:Audience>http://adfs.example.com/adfs/services/trust</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-09-22T06:06:43.085Z" SessionIndex="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
Cause
Workaround
Related Articles
Ping Directory - Identity Source Cloud Authentication Service Integration - RSA Ready Implementation Guide Number of Views Ping Directory- Identity Source Authentication Manager Integration - RSA Ready Implementation Guide Number of Views System.DllNotFoundException: Unable to load DLL 'km' Number of Views Microsoft Exchange Management Console/PowerShell error with RSA Authentication Agent 8.0 for Web for IIS Number of Views Example: SAML IdP for Cloud Access Service Assertion Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
