Attributes are missing from the SAML response sent by the RSA SecurID Access Identity Router to Microsoft AD FS
Originally Published: 2017-10-24
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: v1.5.4
Issue
The AuthnRequest and AuthnResponse can be viewed in the IDR's system log (downloaded as /var/log/symplified/symplified.log in the Identity Router Log Bundle). An example is:
2017-09-22/06:06:43.084/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[278] - Received inbound SAML 2 AuthNRequest: <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://sso.example.com/IdPServlet?idp_id=wejvzsgcrtko" ID="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:36.294Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest> 2017-09-22/06:06:43.098/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[330] - Generated response: <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://adfs.example.com/adfs/ls/" ID="okienljgaajaannmijdclpcipmjjffphnfoiinpp" InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:43.084Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wejvzsgcrtko</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#okienljgaajaannmijdclpcipmjjffphnfoiinpp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lwKlIplJlIfnprotr6CdmDQPtcc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE</ds:SignatureValue></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn" IssueInstant="2017-09-22T06:06:43.085Z" Version="2.0"><saml2:Issuer>wejvzsgcrtko</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Firstname.Lastname@example.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" NotOnOrAfter="2017-09-22T06:16:43.085Z" Recipient="https://adfs.example.com/adfs/ls/"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-09-22T06:01:43.085Z" NotOnOrAfter="2017-09-22T06:16:43.085Z"><saml2:AudienceRestriction><saml2:Audience>http://adfs.example.com/adfs/services/trust</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-09-22T06:06:43.085Z" SessionIndex="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
Cause
Workaround
Related Articles
System.DllNotFoundException: Unable to load DLL 'km' Number of Views Ping Directory- Identity Source Authentication Manager Integration - RSA Ready Implementation Guide Number of Views Ping Directory - Identity Source Cloud Authentication Service Integration - RSA Ready Implementation Guide Number of Views Example: SAML IdP for Cloud Access Service Assertion Number of Views Error occured in RSA Federated Identity Manger (FIM) 4.1 'Unable to verify the signature value' error when processing asse… Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Troubleshooting AFX Server issues in RSA Identity Governance & Lifecycle Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
