Community
Select to view content in your preferred language

Unable to login using Idp. IDP supports Encrypted SAML Assertion, but send unencrypted Assertion

1515
3
01-24-2023 02:18 PM
Labels (1)
Labels
GisJRev
by
New Contributor
‎01-24-2023 02:18 PM

Hello, 

I am experiencing this error after authenticating with Azure:
“Unable to login using Idp. IDP supports Encrypted SAML Assertion, but send unencrypted Assertion”

I've tested the SSO from the IDP and it registers success. However, SAML trace shows the same error from the user side. 

I've verified the x.509 cert in the SAML trace matches the cert in Azure. The cert expires in 2024. 

Any help would be much appreciated. 

 

Thanks!

0 Kudos
3 Replies
Richard_Purkis
by Esri Contributor
Esri Contributor
‎01-27-2023 04:14 AM

Hi @GisJRev 

I would check your Enterprise login settings. When I've seen this before "Encypted Assertion" was enabled and it wasn't required. It was resolved by disabling "Encrypted Assertion" within ArcGIS Online > Organization > Settings > Security > Edit SAML Login > Advanced Settings

Hope this helps

G_Jansen
by
New Contributor
‎05-12-2023 06:14 AM

on our Enterprise 10.8.1 Test Environment this was enabled and works fine, after the upgrade to 10.9.1 I had the same error, disabling "Encypted Assertion" works thank you.

Still strange there was no issue on the old version (there were Windows server updates as well before I had tested the SAML login, so perhaps it isn't because of the GIS upgrade)

I'm gone try if it will work with a new adfs construction

 

0 Kudos
LHo
by
Occasional Contributor
‎10-22-2023 07:06 PM

Hi @G_Jansen was there any update on your attempt to get it working with a new adfs construction? Did this work for you?

0 Kudos