Question

RelayStateID - Password is wrong

We are getting an exception while performing SSO using SAML 2.0. We tried to reproduce this while performing SSO for an individual user but did see any exceptions.

Also, in the load test, all the users used as test data had valid passwords and accounts in our IDP server.

Below are 2 types of exception we are getting:

1)

2019-10-31 11:03:09,887 [jp-nio-30009-exec-11] [ STANDARD] [ ] [ PegaRULES:07.10] (uthorization.KeystoreEntryData) ERROR <URL>|<IPAddress>|RelayStateID: 23c4c3e7-0bf9-4f3a-bc6c-18e23aa0639c :RelayStateID - Password is wrong

2)

2019-10-31 11:03:16,568 [ajp-nio-30009-exec-4] [ STANDARD] [ ] [ PegaRULES:07.10] ( internal.util.PRSAMLv2Utils) ERROR <URL>|<IPAddress>|Rest|WebSSO|SAML|v2_assertionconsumerservice27d966ed6057ae45375fdfa98b29416f|A0JP7ZQ2U6MAZTUMOVHBFLCZO8U9LYPFJ|RelayStateID:e89cce7c-19b9-4fd8-8678-97308e3cfcef:RelayStateID - Caught Exception while validating SAML2 Authentication response for SSO profile : Request Id doesnt match Inresponse to field of SAML assertion,Possibility of a security breach.

Please provide reasons if any of you have faced a similar exception or are aware of what might be the root cause of these exceptions.

Comments

November 20, 2019 - 9:27am

We are getting an exception while performing SSO using SAML 2.0. We tried to reproduce this while performing SSO for an individual user but did NOT see any exceptions.

Pega
December 2, 2019 - 9:33am

Hi,

Please check that the keystore and truststore passwords that have been set match the passwords provided by your certificate vendor.

Also, verify whether either the keystore or the truststore has to be mentioned in the configuration.
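One way to run the password check suggested in the reply above outside the application, as an added example that is not part of the original thread and is not Pega code. It goes one step beyond the reply by telling a wrong store password apart from a wrong key-entry password. The class name, alias, passwords and the in-memory JCEKS keystore are constructed for illustration; substitute the keystore file, type and alias from your own configuration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

public class KeystorePasswordCheck {

    /** Returns OK, WRONG_STORE_PASSWORD, NO_SUCH_ALIAS or WRONG_KEY_PASSWORD. */
    static String check(byte[] keystoreBytes, String type, char[] storePass,
                        String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try {
            ks.load(new ByteArrayInputStream(keystoreBytes), storePass);
        } catch (IOException e) {
            // KeyStore.load documents this cause for a wrong store password.
            if (e.getCause() instanceof UnrecoverableKeyException) return "WRONG_STORE_PASSWORD";
            throw e; // anything else: corrupt file or wrong keystore type
        }
        if (!ks.isKeyEntry(alias)) return "NO_SUCH_ALIAS";
        try {
            ks.getKey(alias, keyPass); // the entry password may differ from the store password
        } catch (UnrecoverableKeyException e) {
            return "WRONG_KEY_PASSWORD";
        }
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an in-memory JCEKS keystore holding one AES key.
        char[] storePass = "store-pass".toCharArray();
        char[] keyPass = "key-pass".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("sso-key", KeyGenerator.getInstance("AES").generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        byte[] bytes = out.toByteArray();

        System.out.println(check(bytes, "JCEKS", storePass, "sso-key", keyPass));
        System.out.println(check(bytes, "JCEKS", "typo".toCharArray(), "sso-key", keyPass));
        System.out.println(check(bytes, "JCEKS", storePass, "sso-key", "typo".toCharArray()));
        System.out.println(check(bytes, "JCEKS", storePass, "other", keyPass));
    }
}
```

Run the same check against both the keystore and the truststore, and pass passwords through a prompt or protected file rather than the command line so they do not land in shell history.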