
WebFOCUS 8207.17 single sign on help with ADFS SAML


Brian Gibson


Hi all,

Anyone out there running WebFOCUS 82 with SAML pointing to an ADFS server?

The user successfully gets redirected to our ADFS sign-in page, they sign in, then get redirected back to the WebFOCUS server but get a 401 Unauthorized error "You are not authorized to view this page".

Here is what I think is the important entry in the websecurity.log file when it's set to Trace.

[2021-10-15 10:15:35,691] DEBUG [https-jsse-nio-443-exec-10:SAMLAuthenticationProvider] :unknown: - [Zone: main]Error validating SAML message
org.springframework.security.saml.SAMLStatusException: Response has invalid status codeurn:oasis:names:tc:SAML:2.0:status:Responder, status message is null

 

Looking at the error online it suggests switching the "Advanced" tab in ADFS for that service provider to use SHA-1 instead of SHA-256 but when I do that I see "Illegal key size" errors in the logs so I think that was a step backwards.

I also tried adding a claim rule in ADFS to release the saMAccountName Active Directory attribute as the "Name ID" issued claim but that didn't seem to help either.

I'd love to compare notes with someone that has this working.

Thanks!
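
Added example (not part of the original post, and not WebFOCUS or ADFS code): the log line above shows only the top-level status code and a null status message, so this sketch decodes a captured `SAMLResponse` form value and reads the full `samlp:Status` element, including any nested second-level `StatusCode`. It assumes the HTTP-POST binding (plain base64, no deflate); the sample response, its URL and IDs, and the `InvalidNameIDPolicy` sub-status are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"


def read_saml_status(saml_response_b64):
    """Return the status chain of a base64-encoded SAML 2.0 Response.

    Intended for a response captured from your own login attempt
    (e.g. from the browser's network tab); it does not verify signatures.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("no samlp:Status element in Response")
    # StatusCode elements nest: the outer one is the top-level code,
    # each inner one narrows down the reason.
    codes = []
    node = status.find("samlp:StatusCode", NS)
    while node is not None:
        codes.append(node.get("Value", ""))
        node = node.find("samlp:StatusCode", NS)
    if not codes:
        raise ValueError("samlp:Status has no StatusCode")
    return {
        "status": codes[0],
        "sub_status": codes[1:],
        "message": status.findtext("samlp:StatusMessage", default=None, namespaces=NS),
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),
        "success": codes[0] == STATUS_PREFIX + "Success",
    }


# Constructed sample: a failed Response with a second-level status code.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2021-10-15T14:15:35Z" '
    'Destination="https://sp.example.test/acs" InResponseTo="_req1">'
    '<samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>'
    '</samlp:StatusCode></samlp:Status></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for key, value in read_saml_status(SAMPLE_B64).items():
        print(f"{key}: {value}")
```
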
