Unable to login using Idp. IDP supports Encrypted SAML Assertion, but send unencrypted Assertion

01-24-2023 02:18 PM
GisJRev
New Contributor

Hello, 

I am experiencing this error after authenticating with Azure:
“Unable to login using Idp. IDP supports Encrypted SAML Assertion, but send unencrypted Assertion”

I've tested the SSO from the IDP and it registers success. However, SAML trace shows the same error from the user side. 

I've verified the X.509 cert in the SAML trace matches the cert in Azure. The cert expires in 2024. 

Any help would be much appreciated. 

Thanks!

3 Replies
Richard_Purkis
Esri Contributor

Hi @GisJRev 

I would check your Enterprise login settings. When I've seen this before, "Encrypted Assertion" was enabled and it wasn't required. It was resolved by disabling "Encrypted Assertion" within ArcGIS Online > Organization > Settings > Security > Edit SAML Login > Advanced Settings.

Hope this helps
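
A way to confirm the mismatch the error describes before changing the setting, as an added example that is not part of the original thread and not Esri or Microsoft code: it decodes the base64 `SAMLResponse` value copied from a SAML trace (HTTP-POST binding assumed) and reports whether the IdP sent a plain `Assertion` or an `EncryptedAssertion`. The function names and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def count_assertions(b64_response):
    """Return (plain, encrypted) assertion counts for a base64 SAMLResponse."""
    # Trace tools may wrap the value; drop whitespace, then decode strictly.
    raw = base64.b64decode("".join(b64_response.split()), validate=True)
    # A SAML message never needs a DTD; refuse one instead of parsing entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    # Assertions are direct children of Response; this findall() is not recursive.
    plain = len(root.findall(f"{{{SAML}}}Assertion"))
    encrypted = len(root.findall(f"{{{SAML}}}EncryptedAssertion"))
    return plain, encrypted

def diagnose(b64_response, sp_expects_encrypted):
    """Compare what the IdP sent with the SP-side 'Encrypted Assertion' setting."""
    plain, encrypted = count_assertions(b64_response)
    if plain == 0 and encrypted == 0:
        return "no-assertion"
    if sp_expects_encrypted and plain > 0:
        return "mismatch: SP expects encrypted, IdP sent plain"
    if not sp_expects_encrypted and encrypted > 0:
        return "mismatch: IdP sent encrypted, SP setting is off"
    return "consistent"

def constructed_response(encrypted):
    """Build a minimal, constructed SAMLResponse value (no real IdP data)."""
    body = ('<saml:EncryptedAssertion><xenc:EncryptedData '
            'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>'
            if encrypted else '<saml:Assertion ID="_constructed" Version="2.0"/>')
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed" Version="2.0">{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for enc in (False, True):
        print(enc, diagnose(constructed_response(enc), sp_expects_encrypted=True))
```

A real `SAMLResponse` carries user attributes and a signed assertion, so run this locally on the captured value and do not paste it into online decoders.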

G_Jansen
New Contributor

On our Enterprise 10.8.1 test environment this was enabled and works fine; after the upgrade to 10.9.1 I had the same error. Disabling "Encrypted Assertion" works, thank you.

Still strange there was no issue on the old version (there were Windows Server updates as well before I had tested the SAML login, so perhaps it isn't because of the GIS upgrade).

I'm going to try whether it will work with a new ADFS construction.

LHo
New Contributor III

Hi @G_Jansen, was there any update on your attempt to get it working with a new ADFS construction? Did this work for you?