The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now!
A chart showing the TIBCO Platform vision
Jump to content
Forums
Ask questions and gain insight from discussions

WebFOCUS 8207.17 single sign on help with ADFS SAML


Brian Gibson

Recommended Posts

Hi all,

Anyone out there running WebFOCUS 82 with SAML pointing to an ADFS server

The user successfully gets redirected to our ADFS sign page, they sign in, then get redirected back to the WebFOCUS server but get a 401 Unauthorized error "You are not authorized to view this page".

Here is what I think is the important entry in the websecurity.log file when it's set to Trace.

[2021-10-15 10:15:35,691] DEBUG [https-jsse-nio-443-exec-10:SAMLAuthenticationProvider] :unknown: - [Zone: main]Error validating SAML messageorg.springframework.security.saml.SAMLStatusException: Response has invalid status codeurn:oasis:names:tc:SAML:2.0:status:Responder, status message is null

 

Looking at the error online it suggests switching the "Advanced" tab in ADFS for that service provider to use SHA-1 instead of SHA-256 but when I do that I see "Illegal key size" errors in the logs so I think that was a step backwards.

I also tried adding a claim rule in ADFS to relase the saMAccountName Active Directory attribute as the "Name ID" issued claim but that didn't seem to help either.

I'd love to compare notes with someone that has this working.

Thanks!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...