SAML Authentication Stops Working After Upgrade to 6.0.17.x (KBA9738)

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

KBA

KBA# 9738

Issue

After upgrading to Continuous Data Engine version 6.0.17.x, SAML Authentication stops working. Example errors:

An error occurred. Contact your administrator for more information.

Error details

Activity ID: d7d1e570-ad9a-4c72-6481-1080090000dd

Relying party: Delphix-422a5dce-0cc2-16b3-aa1a-44d1e7cb3fcf

Error details: MSIS3110: Cannot find AssertionConsumerService configured on the relying party trust 'microsoft:identityserver:422a5dce-0cc2-16b3-aa1a-44d1e7cb3fcf' that matches the request parameters: AssertionConsumerServiceIndex=, AssertionConsumerServiceUrl='https://<engine>/sso/response', ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'.

Node name: ecb72bad-b8c8-4882-8282-30de4b44646a

Error time: Fri, 25 Nov 2022 15:34:59 GMT

Cookie: enabled

User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

AADSTS750032: SAML protocol response cannot be sent via bindings other than HTTP POST. Requested binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

In 6.0.17.x, Spring SAML was upgraded. This latest Spring SAML will use a redirect if the HTTP-Redirect element is present in the SAML metadata XML.

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies

Major Release	All Sub Releases
6.0	6.0.17.0, 6.0.17.1, 6.0.17.2

Resolution

To resolve this issue, remove the following element from the SAML metadata XML:

<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="..."/>

This resolution works for both ADFS and Azure AD.