Ask Questions and Find Answers
Important:
Ask is now read-only. You can review any existing questions and answers, but not add anything new.
But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:
discuss.liferay.com
Unable to Process SAML request Error
Hi All,
We are facing issue with SAML SSO integration. Some of the users are randomly getting error as :- "Unable to process SAML request".
This issue is not always happening, it is coming for some of the users randomly. Also the users facing the same issue on a day, next day they are able to login via SSO without any configuration/profile changes.
We are using latest SAML plugin from the marketplace. Apart from SAML plugin, we are also importing user from LDAP. We have setup LDAP import sync in every 8 hours with our system.
Some of the wierd observation:-
1) On our DB, generally the users facing this kind of issue, have in User_ table "passwordModifiedDate" greater than "modifiedDate".
2). Sometimes, User_ table both field "passwordModifiedDate" & "modifiedDate" is greater than current timestamp. Query used to fetch data is:-
SELECT screenName, emailAddress, firstName, lastName, modifiedDate, passwordModifiedDate, status, lastLoginDate, lastFailedLoginDate FROM User_ where ( (CURRENT_TIMESTAMP < passwordModifiedDate OR CURRENT_TIMESTAMP < modifiedDate) and loginDate is not null
We are using Liferay 7.1 version and SAML plugin version is 4.0.1. Apart from that below config is done:-
LDAP configuration that we had done is as below:-
1). Enable Import - Yes
2). Enable Import on Startup - No
3). Import Interval - 480
4). Import Method - User_
5). Lock Expiration Time - 86400000
6). Import user Sync Strategy - Auth Type
7). Enable User Password on Import - No
8). Enable Group Cache on Import - Yes
9). Enable Group Export - Yes
Other than this configuration, we have kept settings as unchecked.
SAML Config:-
1). SAML Role:- Service Provider
2). Require Assertion Signature? - Yes
3). Other all options are unchecked
We have also turned on loggers for SAML related classes and we get the exception always when we get above SAML error as given in attached file.
Any leads on above will be helpful.
We are facing issue with SAML SSO integration. Some of the users are randomly getting error as :- "Unable to process SAML request".
This issue is not always happening, it is coming for some of the users randomly. Also the users facing the same issue on a day, next day they are able to login via SSO without any configuration/profile changes.
We are using latest SAML plugin from the marketplace. Apart from SAML plugin, we are also importing user from LDAP. We have setup LDAP import sync in every 8 hours with our system.
Some of the wierd observation:-
1) On our DB, generally the users facing this kind of issue, have in User_ table "passwordModifiedDate" greater than "modifiedDate".
2). Sometimes, User_ table both field "passwordModifiedDate" & "modifiedDate" is greater than current timestamp. Query used to fetch data is:-
SELECT screenName, emailAddress, firstName, lastName, modifiedDate, passwordModifiedDate, status, lastLoginDate, lastFailedLoginDate FROM User_ where ( (CURRENT_TIMESTAMP < passwordModifiedDate OR CURRENT_TIMESTAMP < modifiedDate) and loginDate is not null
We are using Liferay 7.1 version and SAML plugin version is 4.0.1. Apart from that below config is done:-
LDAP configuration that we had done is as below:-
1). Enable Import - Yes
2). Enable Import on Startup - No
3). Import Interval - 480
4). Import Method - User_
5). Lock Expiration Time - 86400000
6). Import user Sync Strategy - Auth Type
7). Enable User Password on Import - No
8). Enable Group Cache on Import - Yes
9). Enable Group Export - Yes
Other than this configuration, we have kept settings as unchecked.
SAML Config:-
1). SAML Role:- Service Provider
2). Require Assertion Signature? - Yes
3). Other all options are unchecked
We have also turned on loggers for SAML related classes and we get the exception always when we get above SAML error as given in attached file.
Any leads on above will be helpful.
Attachments:
Community
Company
Feedback