Attributes are missing from the SAML response sent by the RSA SecurID Access Identity Router to Microsoft AD FS
Originally Published: 2017-10-24
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: v1.5.4
Issue
The AuthnRequest and AuthnResponse can be viewed in the IDR's system log (downloaded as /var/log/symplified/symplified.log in the Identity Router Log Bundle). An example is:
2017-09-22/06:06:43.084/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[278] - Received inbound SAML 2 AuthNRequest: <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://sso.example.com/IdPServlet?idp_id=wejvzsgcrtko" ID="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:36.294Z" Version="2.0"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest> 2017-09-22/06:06:43.098/UTC [ajp-apr-8009-exec-1] INFO com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[330] - Generated response: <?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://adfs.example.com/adfs/ls/" ID="okienljgaajaannmijdclpcipmjjffphnfoiinpp" InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" IssueInstant="2017-09-22T06:06:43.084Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wejvzsgcrtko</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#okienljgaajaannmijdclpcipmjjffphnfoiinpp"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>lwKlIplJlIfnprotr6CdmDQPtcc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>SIGNATURE</ds:SignatureValue></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn" IssueInstant="2017-09-22T06:06:43.085Z" Version="2.0"><saml2:Issuer>wejvzsgcrtko</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Firstname.Lastname@example.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="id-5b5aea05-d2e8-4da6-9d5b-6d20258ac644" NotOnOrAfter="2017-09-22T06:16:43.085Z" Recipient="https://adfs.example.com/adfs/ls/"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-09-22T06:01:43.085Z" NotOnOrAfter="2017-09-22T06:16:43.085Z"><saml2:AudienceRestriction><saml2:Audience>http://adfs.example.com/adfs/services/trust</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-09-22T06:06:43.085Z" SessionIndex="mpkocojlnojpnilglombhffpgjgfaiapbmcenabn"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
Cause
Workaround
Related Articles
SAML response has AttributeName but no AttributeValue tags Number of Views System.DllNotFoundException: Unable to load DLL 'km' Number of Views Activity Node Excludes Previous Approvers Without Exclusion Settings in RSA Governance & Lifecycle Number of Views SAML 2.0 Requirements for Service Providers - Metadata Number of Views SOAP Web Service AFX test connector capabilities fail with 'Failed to create service' and 'Unexpected EOF in prolog' messa… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
