IBM Support

QRadar SOAR: SAML login does not complete due to SOAR service provider expired certificate

Troubleshooting


Problem

Some identity providers (IdP) use the Service Provider certificate <alias>-sp-cert.pem as part of signing all SAML interactions between the IdP and IBM QRadar SOAR. If the Service Provider certificate expires and the IdP uses it to sign all SAML interactions, SSO does not work and the login attempt produces the message "An error occurred."

Symptom

Users might see the message, "An error occurred. For additional support, please contact your system administrator" when they try to authenticate.
The /usr/share/co3/logs/client.log file might show the status code "urn:oasis:names:tc:SAML:2.0:status:Responder". This Responder error is sent by the IdP, and is normally due to a configuration problem with the IdP:
[https-jsse-nio2-443-exec-7] WARN  [] com.co3.web.servlet.saml.SAMLServlet - SAML response contained an error status:  POST https://<soar.domain.com>/saml2/<alias>/sso urn:oasis:names:tc:SAML:2.0:status:Responder 
[https-jsse-nio2-443-exec-7] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/saml2/<alias>/sso
java.lang.RuntimeException: javax.servlet.ServletException: javax.servlet.ServletException: https://<soar.domain.com>/saml2/<alias>/sso
(..)
[http-nio-443-exec-2] WARN  [] com.co3.web.servlet.saml.SAMLServlet - SAML response contained an error status:  POST https://<soar.domain.com>/saml2/<alias>/sso urn:oasis:names:tc:SAML:2.0:status:Responder Unable to verify the signature
[http-nio-443-exec-2] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/saml2/<alias>/sso
java.lang.RuntimeException: javax.servlet.ServletException: javax.servlet.ServletException: https://<soar.domain.com>/saml2/<alias>/sso
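
The following triage script is an added example, not IBM code. It scans client.log lines in the format shown above for SAML error-status warnings and counts, per alias, the Responder errors and those that mention a signature failure. The host name, alias and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the SAMLServlet WARN line format shown in the client.log excerpt.
SAML_ERROR = re.compile(
    r"\[(?P<thread>[^\]]+)\]\s+WARN\s+\[\]\s+"
    r"com\.co3\.web\.servlet\.saml\.SAMLServlet - "
    r"SAML response contained an error status:\s+POST\s+"
    r"https://(?P<host>[^/\s]+)/saml2/(?P<alias>[^/\s]+)/sso\s+"
    r"(?P<status>urn:oasis:names:tc:SAML:2\.0:status:\w+)[ \t]*(?P<detail>.*)"
)
RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"

def parse_saml_errors(lines):
    """Return one dict per SAML error-status WARN line."""
    events = []
    for line in lines:
        m = SAML_ERROR.search(line)
        if m:
            event = m.groupdict()
            event["detail"] = event["detail"].strip()
            events.append(event)
    return events

def triage(events):
    """Per alias: count IdP Responder errors and note signature failures."""
    report = defaultdict(lambda: {"responder": 0, "signature": 0, "other": 0})
    for e in events:
        entry = report[e["alias"]]
        if e["status"] != RESPONDER:
            entry["other"] += 1
            continue
        entry["responder"] += 1
        if "signature" in e["detail"].lower():
            entry["signature"] += 1
    return dict(report)

# Constructed sample lines in the excerpt's format (host and alias are made up).
SAMPLE = """\
[https-jsse-nio2-443-exec-7] WARN  [] com.co3.web.servlet.saml.SAMLServlet - SAML response contained an error status:  POST https://soar.example.com/saml2/corp-idp/sso urn:oasis:names:tc:SAML:2.0:status:Responder
[https-jsse-nio2-443-exec-7] ERROR [] com.co3.web.servlet.Co3ServletFilterBase - Error processing request POST:/saml2/corp-idp/sso
[http-nio-443-exec-2] WARN  [] com.co3.web.servlet.saml.SAMLServlet - SAML response contained an error status:  POST https://soar.example.com/saml2/corp-idp/sso urn:oasis:names:tc:SAML:2.0:status:Responder Unable to verify the signature
""".splitlines()

if __name__ == "__main__":
    for alias, counts in triage(parse_saml_errors(SAMPLE)).items():
        print(alias, counts, f"-> check expiry of {alias}-sp-cert.pem"
              if counts["responder"] else "")
```

A non-zero "responder" count for an alias is the cue to check the expiry date of that alias's <alias>-sp-cert.pem along with the IdP configuration.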

Document Location

Worldwide


Document Information

Modified date:
05 July 2023

UID

ibm17009355