Signature cryptographic validation not successful error for all RSA SecurID Access integrated Windows Authentication (IWA) attempts
4 years ago
Originally Published: 2020-04-27
Article Number
000044934
Applies To
RSA Product Set: RSA SecurID Access
RSA Product/Service Type: Identity Router
 
Issue
End users are unable to log in to their Application Portal or perform SSO login to applications with IWA. When the users try to log in using their usernames and passwords they succeed, thus it is not an issue with the portal itself.

The User Event Monitor shows the following messages:
 
User ID: unknown
Description: Portal logon failed - Authentication failed.
Authentication Details: {"additionalText":"{MESSAGE=Idp login failed. There was trouble processing the idp request., USERID=unknown, USERNAME=unknown, NOT_AUTHNED_REASON=Unable to authenticate with the credentials you provided. Please try again., RESULT=NOT_AUTHENTICATED}"}

The following error is seen in the IDR logs:
 
ERROR com.symplified.platform.webservice.WebServiceApiSecurityUtils[268] - No Authorization header Present
.
.
.
Caused by: org.opensaml.xmlsec.signature.support.SignatureException: Signature cryptographic validation not successful
Cause
There is a mismatch between the certificate the IWA server and what is uploaded for the IWA connection in the Cloud Administration Console.
Resolution
The customer must generate a new .pem and a corresponding .pfx and upload them. Alternatively, the steps that are shown in article 000035019 - Signature cryptographic validation not successful error for all RSA SecurID Access integrated Windows Authentication (IWA) attempts can be used to generate the new key pair from the Cloud Administration Console.



 
Don't see what you're looking for?