cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
ravikumar901
Fluorite | Level 6 ravikumar901
Fluorite | Level 6
Go to Solution

SAML signature validation issue in SAS Viya 4

Posted 08-27-2024 08:28 AM (1430 views)

Hi,

Im configuring SAML in SAS Viya 4 ,i have followed 
https://documentation.sas.com/doc/en/sasadmincdc/v_055/calauthmdl/n1iyx40th7exrqn1ej8t12gfhm88.htm#n...
and communities link 
https://communities.sas.com/t5/SAS-Communities-Library/SAS-Viya-2021-2-SAML-with-Multi-Tenancy/ta-p/...
generated certificates using  following commands

mkdir -p ~/SAML_Certs
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
 -subj "/ST=SelfSigned/CN=SASLogonSigningKey" \
 -keyout ~/SAML_Certs/SASLogonSigning.key \
 -out ~/SAML_Certs/SASLogonSigning.cert
openssl rsa -in ~/SAML_Certs/SASLogonSigning.key -out ~/SAML_Certs/SASLogonSigningRSA.ke

but getting validation protocol message signature failed error while logging with user .

ravikumar901_0-1724761683799.png

 

Please help me out to resolve this.

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: SAML signature validation issue in SAS Viya 4

Posted 08-28-2024 02:33 PM (1336 views)  |   In reply to ravikumar901
This typically indicates an issue in your idpMetadata field in sas.logon.saml.providers. The SAML assertion being sent to authenticate the user is being signed by a different certificate/key than what is in the idpMetadata, so SAS Logon Manager cannot validate the signature.
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

0 Likes
Reply
1 REPLY 1
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: SAML signature validation issue in SAS Viya 4

Posted 08-28-2024 02:33 PM (1337 views)  |   In reply to ravikumar901
This typically indicates an issue in your idpMetadata field in sas.logon.saml.providers. The SAML assertion being sent to authenticate the user is being signed by a different certificate/key than what is in the idpMetadata, so SAS Logon Manager cannot validate the signature.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

Learn how to explore data assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎08-27-2024 08:28 AM
  • 1431 views
  • 0 likes
  • 2 in conversation