0 Replies Latest reply on Nov 21, 2018 5:48 AM by andreaspa

    Quick tip when SAML suddenly fails for tenants

    andreaspa Enthusiast

      So, I just encountered an error where vCD suddenly would not authenticate our SAML users with ADFS SSO.


      After some troubleshooting, I found this in vcloud-container-debug.log:


      org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid

      org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation


      As it turns out, our ADFS servers had recently issued new self-signed certs for token-decryption and token-signing, and today they started to use these new certificates, causing the vCD SAML connection to fail. In order to resolve this, I had to download the SAML2 metadata XML file again and import it in the Federation settings on vCD for this tenant. After doing so, things started to work properly again.


      Just a quick tip if anyone else runs into this issue.


      This guide was used to set up SAML2 from the start:

      Configure Active Directory Federation for vCloud Director Organization – Tom Fojta's Blog

      Big thanks to that author!
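
The failure described in the post is a trust mismatch: the SP (the vCD tenant) verifies the Response signature against the signing certificates listed in the IdP metadata it imported, not against whatever certificate the Response carries in its KeyInfo, so once ADFS promotes a freshly generated token-signing certificate the old metadata no longer covers the signer and opensaml reports "Signature is not trusted or invalid". The script below is an added example, not code from the post or from VMware or Tom Fojta: it pulls the signing certificates out of two copies of the IdP metadata (the one imported at setup and the one the IdP serves now), extracts the certificate embedded in a rejected Response, and reports which metadata the signer belongs to. All XML and certificate values are constructed placeholders (the X509Certificate blobs are base64 of short labels rather than real DER); the fingerprint and namespace handling are what you would run on real FederationMetadata.xml and a real Response.

```python
"""Added example (not from the original post): does the certificate that signed a
SAML Response appear in the IdP metadata the SP imported? All data below is
constructed; X509Certificate values are placeholders, not real certificates."""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD, "ds": DS, "samlp": SAMLP}


def cert_fingerprint(b64_cert: str) -> str:
    """SHA-1 over the DER bytes, i.e. the thumbprint ADFS and vCD display."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha1(der).hexdigest().upper()


def idp_signing_fingerprints(metadata_xml: str) -> set[str]:
    """Fingerprints of every certificate the IdP metadata offers for signing.
    A KeyDescriptor with no 'use' attribute is valid for signing and
    encryption, so it counts; use="encryption" (token-decrypting) does not."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.add(cert_fingerprint(cert.text))
    return found


def response_signer_fingerprints(response_xml: str) -> set[str]:
    """Fingerprints of the certificates embedded in Response/Assertion
    signatures. They only identify the signer; trust still has to come from
    the imported metadata, never from KeyInfo the sender chose to include."""
    root = ET.fromstring(response_xml)
    found = set()
    for sig in root.iterfind(".//ds:Signature", NS):
        for cert in sig.iterfind(".//ds:X509Certificate", NS):
            found.add(cert_fingerprint(cert.text))
    return found


def diagnose(trusted_metadata_xml: str, live_metadata_xml: str,
             response_xml: str) -> dict:
    """Compare the signer of a rejected Response against the metadata the SP
    trusts (imported at setup) and the metadata the IdP serves right now."""
    trusted = idp_signing_fingerprints(trusted_metadata_xml)
    live = idp_signing_fingerprints(live_metadata_xml)
    signers = response_signer_fingerprints(response_xml)
    return {
        "signer_in_trusted_metadata": bool(signers & trusted),
        "signer_in_live_metadata": bool(signers & live),
        "idp_rotated_signing_cert": trusted != live,
        "signers": sorted(signers),
    }


# --- constructed sample data (placeholders, not real certificates) ----------
def _fake_cert(label: bytes) -> str:
    return base64.b64encode(label).decode()


OLD_SIGNING = _fake_cert(b"adfs-token-signing-2017")
NEW_SIGNING = _fake_cert(b"adfs-token-signing-2018")
DECRYPTING = _fake_cert(b"adfs-token-decrypting")


def _metadata(signing_cert: str) -> str:
    return (
        f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
        'entityID="http://adfs.example.com/adfs/services/trust">'
        f'<md:IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">'
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{signing_cert}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '<md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{DECRYPTING}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'
    )


def _response(signing_cert: str) -> str:
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:ds="{DS}" ID="_r1" Version="2.0">'
        '<ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>'
        f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{signing_cert}'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
        '</samlp:Response>'
    )


TRUSTED_METADATA = _metadata(OLD_SIGNING)  # imported into vCD at setup time
LIVE_METADATA = _metadata(NEW_SIGNING)     # what ADFS serves after rollover
FAILING_RESPONSE = _response(NEW_SIGNING)  # the Response vCD now rejects


def run_demo() -> dict:
    return diagnose(TRUSTED_METADATA, LIVE_METADATA, FAILING_RESPONSE)


if __name__ == "__main__":
    result = run_demo()
    print(result)
    if result["signer_in_live_metadata"] and not result["signer_in_trusted_metadata"]:
        print("IdP signing cert rotated: re-import the IdP metadata into the SP.")
```

When the signer is in the live metadata but not the trusted copy, the fix is the one the post describes: re-import the metadata for the tenant. Two caveats. First, a signer that appears in neither set is not a rollover problem and should be treated as a forged or misrouted Response, not fixed by importing whatever the sender presented. Second, on the ADFS side the rollover is normally automatic: `Get-AdfsProperties` shows `AutoCertificateRollover` with its generation and promotion thresholds, and `Get-AdfsCertificate -CertificateType Token-Signing` lists the primary and secondary certificates, so a new secondary certificate appearing there is the early warning that every relying party without metadata auto-refresh (vCD tenants included) will need a re-import before promotion day.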