SSO / SAML suddenly not working, is this a joke?

1917
8
Jump to solution
09-02-2022 01:44 PM
QuantitativeFuturist
Frequent Contributor

SSO / SAML which has previously been working stopped this morning and no users can now login via SSO. We have made no changes.

"Unable to login using ldp. Error validating encrytped Assertion Unwrapping failed." 

The only article I can see is this https://support.esri.com/en/Technical-Article/000022078 which was released 2 days ago, seems like they've messed something up on the back end.

ESRI regional office is closed, esri Inc hung up on me, what an absolute joke.

So my workaround is create around 100 named users over the weekend so we can use the system on Monday?

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
BillFox
MVP Frequent Contributor

you could try first deleting both sides of your existing adfs connection (AGOL & on-premise) to gut out everything, then re-create them fresh from scratch.

View solution in original post

8 Replies
BillFox
MVP Frequent Contributor

Is your ssl cert expired?

0 Kudos
QuantitativeFuturist
Frequent Contributor

Thanks @BillFox The certificate is not expired. We have gone through the steps to recreate the SAML connection from scratch and we get the same error. What is really confusing is that we see multiple references to September 25th, but as that hasn't happened yet we're not sure how to proceed.  

0 Kudos
BillFox
MVP Frequent Contributor

you could try first deleting both sides of your existing adfs connection (AGOL & on-premise) to gut out everything, then re-create them fresh from scratch.

QuantitativeFuturist
Frequent Contributor

@BillFox Thanks Bill, this is a good suggestion. We went through recreating the AGOL configuration with esri support today. They say that error message does not appear in their internal knowledge base. Multiple people suggesting the blog post from September 1st but when we recreated the connection initially we set it up without signed requests or encrypted assertions with no change. I think we will try and recreate the ADFS connection on the provider side then additionally recreate the AGOL side. Thanks again for your help.

0 Kudos
QuantitativeFuturist
Frequent Contributor

Many thanks Bill, this worked and we're back up and running. You are much more helpful than esri support who are passing this around with no idea how to resolve the issue. Not exactly sure what happened but I suspect that September 1st blog post has something to do with, even though it shouldn't have affected anything before September 25th. Thanks again, appreciate the help.

BillFox
MVP Frequent Contributor

did anyone recently update/replace any ssl certs that were about to expire as part of their annual renewal process?

0 Kudos