Community
Select to view content in your preferred language

Unable to login using Idp. Error validating encrypted Assertion Unwrapping failed

253
2
01-30-2025 01:41 AM
VirgilioPalmi
by Esri Contributor
Esri Contributor
‎01-30-2025 01:41 AM

 

Hi
we are running a federation with WSO2 and ArcGIS Enterprise 11.3.
the SAML configuration without Assertion works fine, but if we enable the assertion the error in question appears.

we have run various tests of certificate exchanges, deletion and creation of the federation, but nothing has helped.

 

in the logs set to Debug we find the following error

com.esri.gw.oauth2.OAuth2Exception: Unable to login using Idp. Error validating encrypted Assertion Unwrapping failed at com.esri.gw.saml.SAMLRequestHandler.signin(SAMLRequestHandler.java:398) at com.esri.gw.oauth2.OAuth2RequestHandler.service(OAuth2RequestHandler.java:453) at com.esri.gw.DispatchServlet.service(DispatchServlet.java:166) at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.PortalFilter.doFilter(PortalFilter.java:82) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.JSONFilter.doFilter(JSONFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.GZipFilter.doFilter(GZipFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.SecurityFilter.doFilter(SecurityFilter.java:100) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.ErrorFilter.doFilter(ErrorFilter.java:55) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.TraceFilter.doFilter(TraceFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.ProxyRequestCaptureFilter.doFilter(ProxyRequestCaptureFilter.java:126) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at com.esri.gw.filters.CharEncodingFilter.doFilter(CharEncodingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:596) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at com.esri.arcgis.portal.util.TomcatValve.invoke(TomcatValve.java:43) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1732) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1295) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:643) at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$2.completed(Nio2Endpoint.java:619) at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:1009) at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:937) at java.base/sun.nio.ch.Invoker.invokeUnchecked(Unknown Source) at java.base/sun.nio.ch.Invoker$2.run(Unknown Source) at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Unknown Source)

what can be done before opening the ticket to support?
Thanks

 

 

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://tssitswm.aqp.it/portal/sharing/rest/oauth2/saml/signin"
                 ID="_a5160a299a89c2c1fcf59e38ec83a246"
                 InResponseTo="_YYywCdMEnlIPDtBg"
                 IssueInstant="2025-01-30T08:39:14.308Z"
                 Version="2.0"
                 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
                xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">iscol.aqp.it</saml2:Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <Reference URI="#_a5160a299a89c2c1fcf59e38ec83a246">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <DigestValue>cuRoGxTWm+ZqYurXTU8u9Q8cHIC45OEqlhWHSnDAwuU=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>

      gx4LvaU23YrzhLgbn7UEaL8oH/U84mKXxwnwurnHGj02AtbDZOzVttqKCrZA9rlN/acb4nKz0y8v N2KVdrAmMiwaIJ3X9AaF+/Lc/c9pTlNMTgXWdaDHZQn0c3sQdFj182KF5O7TKYih6NePepTe5t23 5XA2sN5SV0GYY+3URk6fx1hKufP7kxRPrLCikhtYjQ5PzuanW2L4zShgOZIrR/rXq7uGaUj85dzb 2ejSnjQ4lCyofvOzGbS3nFhxHn3NvtB2T56oos/pZQ3RtTfSGNdPGhwgXWPg8lI+PcxpTNcC1YOg
      88OVF24sGYBzzeLEK26w3warAIS8Qou+nu8ouw==
    
</SignatureValue>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
MIIDsTCCApmgAwIBAgIJAOHIuco1811jMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAklUMQ4w DAYDVQQIDAVJVEFMWTENMAsGA1UEBwwEQmFyaTEMMAoGA1UECgwDQVFQMRwwGgYDVQQLDBNBY3F1 ZWRvdHRvIFB1Z2xpZXNlMQwwCgYDVQQDDANBUVAwHhcNMjIwOTEzMDkyODE1WhcNMzIwOTEwMDky ODE1WjBYMQswCQYDVQQGEwJJVDEOMAwGA1UECAwFSVRBTFkxDTALBgNVBAcMBEJhcmkxDDAKBgNV
          BAoMA0FRUDEcMBoGA1UEAwwTQWNxdWVkb3R0byBQdWdsaWVzZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALpiahQ977/1UvTqGXS0vzbBLV2ndI25fiiGVKYrLrvb7B7iqmO4aaeaIMvE 7C3Ym2dPan/O9M3z9dnHebMLSU/xfHpKPMhSUyaKT5r1vuW6LNn37bXh8MY2rdC6AVVix1ZGlzTB HF0+qzikKeO8x1CwPlh/tym06CvWF+cN/ZRtuCH+/RjyYbb3JEDyD/U318Kdy7jkxus5J/ySzlFp
          vrIo6qj3G64LCRN2ZXK7SMBt8PVdeQrFfc1wg3Dw7nGDu96WucLFHJy07gpy0UWj+lJzigPWufxY fJfjeSZ/V3BXvYzf+kGfgsoJk0EoQSxA5vNlQg0ITl4lwX4uW7v+SBECAwEAAaNwMG4wEwYDVR0g BAwwCjAIBgYrTBAEAgEwVwYDVR0RBFAwToIMaXNjb2wuYXFwLml0gg5hcGltY29sLmFxcC5pdIIP YXBpZ3djb2wuYXFwLml0gghjbGlkZW5zM4IIY2xhcGltMDOCCWxvY2FsaG9zdDANBgkqhkiG9w0B
          AQsFAAOCAQEAFK0x2yhQxqOBuYiD18FONrYmJGwKzfBqbIY3gw8NoDzG85kfi303YKhcAijyld5C pT0/oWEGjNunlor23tDyCKOn/TfU1ZQwlmqk6Egdz4/krtbh7NOIj3kJVVnZuzqHapfiSAXak73c ufcJsnlax7dskgizudxFAkac3CGCHKrCK/NoRagSYizhRjoC5Mp4J8pyPGQeeUAad9Cnn0Zj2fuW 4b0BFvgpcH/ETi35WtOu9m2rvrBRsAgxw6DV2ronUKD2sEBudSasbMpeJYAgImX+1xxn/9Nj29YD
          D80JqTTlV97Wf3RjS85/v5qhGOXc91UNIxcsGVeLCTALUOjNgA==
        
</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </Signature>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></saml2p:Status>
  <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Id="_53adc4821c888a49d2c3b82db97233c8"
                        Type="http://www.w3.org/2001/04/xmlenc#Element"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
                             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey Id="_0f5e2f6430690fcfe240344d80e9ca5e"
                           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
                          Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          </xenc:EncryptionMethod>
          <ds:KeyInfo>
            <ds:X509Data>
              <ds:X509Certificate>
MIIDsTCCApmgAwIBAgIJAOHIuco1811jMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNVBAYTAklUMQ4w DAYDVQQIDAVJVEFMWTENMAsGA1UEBwwEQmFyaTEMMAoGA1UECgwDQVFQMRwwGgYDVQQLDBNBY3F1 ZWRvdHRvIFB1Z2xpZXNlMQwwCgYDVQQDDANBUVAwHhcNMjIwOTEzMDkyODE1WhcNMzIwOTEwMDky ODE1WjBYMQswCQYDVQQGEwJJVDEOMAwGA1UECAwFSVRBTFkxDTALBgNVBAcMBEJhcmkxDDAKBgNV
                BAoMA0FRUDEcMBoGA1UEAwwTQWNxdWVkb3R0byBQdWdsaWVzZTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALpiahQ977/1UvTqGXS0vzbBLV2ndI25fiiGVKYrLrvb7B7iqmO4aaeaIMvE 7C3Ym2dPan/O9M3z9dnHebMLSU/xfHpKPMhSUyaKT5r1vuW6LNn37bXh8MY2rdC6AVVix1ZGlzTB HF0+qzikKeO8x1CwPlh/tym06CvWF+cN/ZRtuCH+/RjyYbb3JEDyD/U318Kdy7jkxus5J/ySzlFp
                vrIo6qj3G64LCRN2ZXK7SMBt8PVdeQrFfc1wg3Dw7nGDu96WucLFHJy07gpy0UWj+lJzigPWufxY fJfjeSZ/V3BXvYzf+kGfgsoJk0EoQSxA5vNlQg0ITl4lwX4uW7v+SBECAwEAAaNwMG4wEwYDVR0g BAwwCjAIBgYrTBAEAgEwVwYDVR0RBFAwToIMaXNjb2wuYXFwLml0gg5hcGltY29sLmFxcC5pdIIP YXBpZ3djb2wuYXFwLml0gghjbGlkZW5zM4IIY2xhcGltMDOCCWxvY2FsaG9zdDANBgkqhkiG9w0B
                AQsFAAOCAQEAFK0x2yhQxqOBuYiD18FONrYmJGwKzfBqbIY3gw8NoDzG85kfi303YKhcAijyld5C pT0/oWEGjNunlor23tDyCKOn/TfU1ZQwlmqk6Egdz4/krtbh7NOIj3kJVVnZuzqHapfiSAXak73c ufcJsnlax7dskgizudxFAkac3CGCHKrCK/NoRagSYizhRjoC5Mp4J8pyPGQeeUAad9Cnn0Zj2fuW 4b0BFvgpcH/ETi35WtOu9m2rvrBRsAgxw6DV2ronUKD2sEBudSasbMpeJYAgImX+1xxn/9Nj29YD
                D80JqTTlV97Wf3RjS85/v5qhGOXc91UNIxcsGVeLCTALUOjNgA==
              
</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue>
sozRyGXo7KQIe07Ehgc7/WbVdvnv2F3D42QXy142CLZs9sR6ogpUfHOmlgCsp2a0UDr/b/EQhB50 Pfjx+eFJYNQActUozuJLeCG9Q/BlyGqZo8sv5Jjutd2/7FaxDn/awYsP3GpcSOB385Uf0/lSisCH GNMPYigCM7kmZzanenKSi2gZz9YJxIvE0XwDqruMrf2EABek6YstJHh14AxUDJkFK8WBAUSkzGsC RHSMElI5Z5yhfACoLt27wELvObUWWQfyg0+3ZIWgZ0WAA/vbskf+i/8Hh1MQByHKCvXZtELpuzXh
              GFV+3oJmNrrRqTNX67bA5zHByPSgaABVLx3pPA==
            
</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:CipherValue>
4FwsHLpNJhNTjzfWkmj5i3KPdF4mwRC7Hta++4gqPYkaMWJRNQf5KrXQxe8LZiNbCk+GDbknjGUv CPD+XdArj9B5tIFXvDh0hSyMAGy3OS5VlQHjUZ/9kvRP/LXwPeM/YVrc/iUgTFWZkl7+nruWY7xc +te/QLwyv/5YIMfx9n1LTPRFDMnJKyqKcZZCLVAgcb9qwvQsZPg1zVtE75sCWDPECV6TTAnjSFv2 F4AMPp10MVb9hHA2p0ShonST6PXb6GySR31wJNPPc+/qm0FNxtajALEEjcavx0uqrUztRIB9chBv
          d43Suhnj4PA8dEAf4k6LsyJWAq3v2h8p5oaAJuPNiBLZPE0Q5xsxoDjnZ/pm4zNg+jJ3Nhml172m uPQRKh/kGAw/Ee3sWwNCwpMkDUS5HiV3auew1TgTtkiZHNTVX58Vxbsf9omTcQ+zXaKvHpALNe3r nz50B+XsA3CfroEQdnjP5ohgmPu7zfOvVDsC64ZhGU/jXX2DilY1mZxlP0xshtroKf0uVPLk5Jgj P12U46+C7AvbDGzfp3INpOnVb85V5WDyph7Fd04ccO+53cYu9hhW1UaeyyU0yY36ww4UCVUePzaC
          nr1kyRMt3jCI/RngZQwzFilPcC+jVjuRbfFkpPuuHWW1+/Zp2ZLNYwa+G0VwNZQF5ZIPhDm8qPXc MCM2zMfJZUsJvV+mlH+0ECfLLsSv9RaS2/CctRVOzbhZfkUSPlT3xnEiwarCa750+ebOUuktqxCD z3Y5gpwtuCmhpdgA+TauVs3kGpara7R7pC/tD0xhJPDSxIs2g50lcfY9pMtHOL9GnzFtllMm0W6V TGKMC+0BPtHbFYGehXya4LUdQ7C1TNmugRhANKjkaLR66EXlxqpTkN1krHyO+j8zc8XGxd2RJ1Ti
          oQ0k/m5DO3D+wQS6HPXc1eupGDwi12mOSXYC9UzOwDVeyJenoLtg5QFFH9dXvdhMmP2mhL4wVkkc C2z75WQrZzKTCrYHD5uDw2e1qRtBS49m6OIsgGinyFhHVmeZoJC++1O6w4qTmSLnpHuuGLLarLxj kAFv0YtAX5bu2dMVqULGf3JWx6VHnmWrWpZUe72M/Xy935WHTPdR6pqrjgowpLAOXHccSN1xYRRl q9hUhDBG8XA0NagmmNynGalUve87XU95weA1SQfFMYbcoqWnmJBOC4hQWywgq8usYTlmWBfW4qAC
          TBHucMpT8Ha4IKF/kpX9OeR/yp501BstMVgaAfLm0bXE78CgEaq3kL9pqYzjEqNJAcklsNwIHhSw 4hodgwZjBGJfTAVNMe2Rpx1tuKFnPLhPHC1TWWaaZhJowC+GNwk3+rJZhqhqthxoQkqnYP7rsISK EZ3KOD3YQGxRnrcYOm0hpzCEXuTwhZpe2MixwQCEOSeI/m0AwPwEPnf/JsgWnSCelcaLw///TM1W f09BFSO3M28qQfVN+2oh8xS2Re69sgVe/udBVqTKnia50Uv+8717d56vlgUTtZrGVdCXxAsU8KPA
          MXPhBUb1OnAEnPG7W5qaTlWx+MzH0GQC1dutnVmq1Znxy37098K6OlkNyxeaUuRaYfjV3Fw7krwU pKjYhE4be5XYbR7G6PAufPb5sLvCE2Ag5rvd9UcrE+93IAdvB4ZXsZBbcN+Qg1b/vCUphghjQrMo lDFo+DcYmBuqIpcmwsGyCOqIFEw5hNhS+AQxlNUh5hKrxX0Q2X+8pRzrQd2ePKyjDZyx4t8cr2jQ THFdlB8HsfcC/9kGLmEDNau0nu3nbx+xyaCR+YnzFC1mbkvlyjlMxI1s6hd6cPtz+59NWAk3Ix3k
          JrSQS74C9xUuKGkiE5M2TqZBS+XrODqCpZ3coPZsjILj5peCoDQJF9dKhBBvoWyRZMyOcTqIgoBN XMAre0npjionOVUCccauhq73Xr+PmY8YjeAYqJIR8SCkLrOBca9jxDqBtBjv5RxP97U3dLN4BbGA BL+rwAq6ScpNDox6HoIZrNRy5kqWl7wmPPjn7mLSRihBmPJb7b4ZIiWp/6pBwzWA7gFNM3LfngGP Zd7ha9ZD+5OoPaP69TJd28t4LpqHLkUY/LOh/2BVPT4+Bw2Cmnbcanv5Bd1P51lyBrrUDBBAvzbw
          /zXrpUsvGdw9y2y5E7xKbROw4a8lm7PmI9hLYxV8tVJdAIec/hAzsPUtx1K4hX047OH6RhyAE5+u bIKJGq1wxcMsbo9I22i0UHo0fOdvxCf9+0bQAuFLsTsevp4K42mOYiPbdZhAB5o+/xm/mu8guNhB T538U/Epyjo77DOHNUKZFZpTZpCLJ3xh13erdZwynCFbi9pKV/9bwnr2jJGghIiGjgHOQnKO9biC vQVNxIMZi4M+qnY9n/7cndonF8mEtQBiJPyzIaUXgzZAvLaVcGiNyA0pmAlfyB2aBlCJKCpcLqU1
          NFmhc/2pHPN00JIO2humVvouJuLQvtH5npFg1D5CeGrSlR0YqIQV4LUGL3hkb4fhiwFL0MQ7eMMU d05xWBi05faMlelAwMd6ivMAQI2sHamjqkPTLByiWvcOoUBNdfvqwCKmFAlNQUD3OZLD+FwCXjFL CeETDWjS8izknYYm8DUggZakxrzzImL+GqMMCVTKqjSZhauhGq7sKzeAbgEQF1YmUz+pmRYY9K/c /2Ujg/1oUJIEw86rpsDxfA46RDK+XfT6yCijcp+cVawGDOw3yJ4wOtBnEavj9OO0hpbaj4VUCp4A
          X4mbKlan2Uji60mWVBwde1C3eRUfR5qZHipkEGEoflNNKgvIKrC4H1OSGRCXjXGatuftppKkFfpx j8beqrqn472dULgOwoLpulzM7UyYFx57oufl+ABze1a6MOrszOLOucrq/cGIwOC4h1dg/NJVBd+P 2BYTZ5sufmLRpHxXo/UvW8aGlszBUuB6YmaKgCtTIOsNB6y1EKLpvTChpn5+sRduJ7XaapQf9qs5 G2U8BGEuCbpSR0m/+G0rPkR/3ESjs/8k4bdu/8aIm2SydYlUh/uGzPfH9FuT0/dMGM1wuwLrAl0F
          adVcedP5mhLvrjEcyfVVuVzA/XFe2TH2AY1vfbvonlZBCNrsmYeQOGPhugH0nTrt9h+j3kM6g0tz 8uus35ddfnLHy7HMaCjAIbrcGxcNJZvcMJumz7MWwS0MtvTw8FHHsDrIOu5ipX+K1Zq2j2d0lmUO 8A/Dvf/LKXeYwCKoJEAPUVksdYlKQRP1bGakuAfm5X1NBNoKJLsNTgujYaZktY3H1boxaOEWdvdh +/DhWIMFNS9P2gP9ctaB0Ou2x8558sEm8F+IiPXoVRLEO6jVeazfiInVgXmTvh6f12e6O2c8afrx
          XuWiEq9XApnYAjIuyY6gop3zir1ff2vaXxWpYvH8aG0B3OGyYe++0E7/hF5yhM0GuXJJdMC0nm8b OUXtfMVqeh6Cfbp6CDu41p23CxrxcYvRTcx+IzbVqJP/7GEmeZeRLI6QThuQ3xD78pT/u3DnYquE cN2LEUIjmq2drvGhcnsrlATAcLvPKp23guO5NPTPvtvyR2xK3kauOC8cbxgN3gvqGtivA2YXxlFl /7Kc/skb3K5FjbZJFMt8fi4IqkZlpx5wkwUloYhuZysDBqczW9Sf7n2fFbjidNY82bbxjAjLD6dU
          gv/HrGaHl82y1FJp8aQdJngtyRYGt27VUs9X9eOKQyl5+A2BrNLVyZQFcTxDLLvbagHS4m+oiYc/ wshAZyC0ftSt2Ii3VlamBk1+X4jpN9G4ZsGmWXmF0vbmfVRcj2cZemhoZx4lXQanlwTC3DfIjcj5 NyMH22y9wAMexUOArH2htuTV2GDSAonj0TJ0mW/gcc7l/2K543AkJ8ybi5PxeFC6N350ZDFzAyCT Ql9b/i8W9SBearNq6ES0SdfTLrUfDUMxOrWGLgPQMaF00GaAm6Hv041jaG7AO16xvl/K+WcswAZc
          trglx3q7pFp+UeIriHpjkF6h7BV6hd6ieBYN1ISSY6Y0DpITlWWNbbA1vTREDZrC+757Q3klqBOu T73gxvUjwi+V9Fb+4enGLNh+wBmu8Jf4HM3BjwfOOIfJHFovm8CxEUM61l6giGl1CqDe7mDn5uwe j5i67N+NgGaeILASpnIp98vdJeo/dO/myNWfFWPdYxaf5REag6apDDepwHnQJqbCQkPF6zrSSqmZ a0cOjli8yYW2w0fnLPs2680FN4PHTitKT+uTUnhDv8iD5rfA3NrZAz2BnB9OpU3bVi5x4bUw+ZN9
          JR7zXGhUV5LSKGsCy2XrgshJKzaOPCgb+VYqNHkRxCj0xJRagogM9pp49KqPAbuwDxG5Cy3HWvrE unBzrQNGVVdC2G6YJ0Sn1JpYPVdM7wdT4iI046djMBHuEApsnaZkGHNzNfL9JIgX6z1DKhbramoB s0XZjBECBVrBaAyw6v42Jd0BKKxF3Tn+AWsFK9Rfit9UgcPQ+VJ54ivFrsRbV7u0QFtYd+OZZatB QW5jekFGO2i7M0gXDskQrc3lnMMLi+YwSxcKEI0DRZX0+zHfcJKcMf5fLnIML7wN33Wt3PI3MouK
          Qg387MHQZyiX5PSirTQ0jitlSdjQQZ4vmKRuAGgLvcbwXLZNSY7T9UuRZ5fEA8oHORPF1cdANdxV 9B99Z+k+vN5dJ/Gx5RPrHBiah/kEHiB61QkAwxsxGcUjBifxg0d7fP4fiQpclbfWWLCavvk0w46o A+1kcwx3qrQTvo5z1Dw6pSjHPWIziCOjMXgL6rewxCrkqII/tOzu9Jqom9WryY26xmOVbajBa2C/ c+SyA2KMfjwMBQbPqwB5Ee0iBm9m+xE517mE4k1Xd64V3YJ1xE82iijblR/4gTdGmI5LAe07v1HW
          EFGp1v18MKB4HJ3vuyPdedS6f9c4H5UUTELv3b5Gkf+uVZ/K9p0l3yabDmxdxy+49mX7dNlb9sjU r8E/8Ycfw4EjDodZ572JMnJv2/05YnfcV8itrWNIP8eF/79V47DRnXTc60ykNxU/UNQzQQu0hfYZ 4gOl/srzeCdCVJoAPmumJUDMofHqpkjzQ8KTGJERl9ObTFJCXtkoBc6HoBNwWYIqtT4uCCp3A0oB Lzyp7kS8KlM4GNW6Gxe4/n5LPFDhDOBFnvQjRQR2zXLwIlpy0PKD8YwP8yeybeNCXA3VBLhhH7/w
          77qipvOEFeUGUAzq1Ivq8qOrbCn7a4VZkV7nLrnrMTdSxqO45L71eOCerPIk+zz4EZ5fVWE64tB3 bcUeZtlkC8YsjVvjqAKLxcgfBRo1KWjbJqeMH12f+LTGAjAuYLfzfcGRmYyN0EgssxoiftmlrIYv VQPBOiTnJmU+k6z/KvRrUd8ltNl4INk5OsDRhioWTLmMeBrgHFHKVbjExaiE4j44RfBCFLT3R+65 Mkvyu+biM3rCro0kB3jL9TBQTEtXBDo0QNPBbXihZXUvvGC8wEVKMgmYZmvCVMWfTU9Zx7qKeN/h
          xxUpTh/weHJabNymF/6q1FYXyKmx//hSCqv5lviPQU4CakS5kq+T7UTHbtpCDpMHX1pH9Fu9IMAS OIqhyLQfdRT4C1xG5meMcQW0AhTxfotP6fj15AlYttYUcTlqTzCCxhSgmZyiZ11BpTHbH40jrLfl DC0fmvm4uQWE9QDUkn3SI8rwy16PPSHqPayzR1WhXXplGwDQHFuiiTbPkBmerQhaGmVRHqp9FevI fqqwiM/ZmvPNocxDWqGjBXUL/oK7EXL5aJK9dJZhWyJm9eBRMlGrVk+UluFdVk+/mYA0cx9mDVKd
          Bifkm0edbu2JLjYbPB0yBygbLP+BtjJpyDg4YskyBDXFMC0Ppr9upE9AFhRZov6mvIbN+MhjY0Es J9zbu3gYtlGyHKKjdXbFaC7BYgO9oR6wsY6TXBBBLjzeK7Qx65kYxVMl6GcNVFTkn89DikO6m0ed AkIfusG137S6RLpLxi+abcDfTNn0Oc0seH8g0GIbJZe/TU0GRKyOSKfCd9h4HArAL5ZBv8qK8Q9i qEe57yIcMAJm8+YSYc6R0c+AgtqhF8YAkrJE2BUzf1VU4PL4YZkBfHPJ0+InDzsYBapC3m59wBHN
          TXQviMcNzkLkIYyRC82rk4BdvLfqRQh4q+8aWI9qsKK+eiAvk5pib67W4A2yKSGcLlYSRxccm7RJ L7gwT4UDTe6s8WwVvxkZLXjDAPEDnRDtzkHfvdDo4Blo+eqsMwCsED3AYSCE5x9QW1ymXI7WIjVK 6qnCPFp4w01YHPwXlNPIi2/WJRjxccG5YIGm123inp19W6po/qRPXAn5Mu+7nSv/RsUkK/GVElW4 lZNguM0zXsGdK2Lc5ZMTJpPZVN+DDLhSMOKg/SccHIB+W4Pga2zs9MIpEOkq7XEqrJFHXkP6sJQc
          LrubhgT+uua/nMTUH2PApaU/2pD5LHf7onVw9XDbdXlTG/0qbgQ4cN4QsxLgjIaQOSGiMYKt9kHx 62q2YFmwrwygBSdLQQP8yzWVfRQ25ulzrk0A49UbOdvv2k8RfDNRVqDEUkOdRU3/sqmxGoGy3LXX KP+dWXKgtNzMnN6k/I5vqocKlEuXTs2+skm71aR0W//KiYz8g1oim8xSMcoAmvyDOa3aYYtAvDPg xyVSCCNkxZy/jAzP0P8jXVBm5fO/pOpgV1HhWBI+FY+V086PYmcxZcODKtBU0aiEKA8zzVooeTtR
          d4kkpxd5s/LWh3o7lFX8BMVeAtI2mY+amOOGXN3a6wqCck86G1BfjsqYTq5mKr6Ws0/XTsxP4E6S ifmrGDxTnS+ORcRmKkMtWGH8J5gWBIUF0b6Mx0an+T0Agb1Q9kI3DqYo0gHvdibRughsRnK1uvG9 YYe4mC9RP03WGCH9miwH9R4ZRHfoA7p09O1fwv46nKXKIuA47QFqgZGS6Cmw4lvo3G2QIui4o3bh ddiGtJfRW+FwL74UHNFovPGP+cNVt8tQI2gef4z7OOkocN0HLBQt63FAON6aFHsRtt2nbB/Vw2vX
          7YnytdWcSXr/I3kHXwBnQuU68M3SxpZ1SdcWhn8CN3rFJv4SDDxlzAed39IfNWbcd/enWTanPQtF eqS4U1PkF1v3UDzdOrKi9ZXSCk1g8xIqovb6
        
</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml2:EncryptedAssertion>
</saml2p:Response>

 

 

0 Kudos
2 Replies
CodyPatterson
by MVP Regular Contributor
MVP Regular Contributor
‎01-30-2025 04:32 AM

Hey @VirgilioPalmi 

I found this link here mentioning comparing the settings using a SAML tracer tool:

https://community.esri.com/t5/arcgis-enterprise-questions/unable-to-login-using-idp-unable-to-valida...

I also saw that it may be related to AGOL and Enterprise connections to the SAML service, wiping both out and recreating, it may be a mismatch between the two.

I also found this information here you could try:

https://support.esri.com/en-us/knowledge-base/unable-to-access-the-portal-for-arcgis-due-to-saml-iss...

Cody

 

0 Kudos
Oiligriv
by
Frequent Contributor
‎01-30-2025 05:07 AM

We have checked the Portal and IDP certificates several times and they are perfectly aligned

0 Kudos