Reset Search
 

 

Article

KB40415 - SAML "Invalid assertion received" authentication error if extended ASCII in the assertion from the IDP is used by userAttr variable in the User Name Template field

« Go Back

Information

 
Last Modified Date2/7/2017 5:54 PM
Synopsis
This article describes an issue of SAML authentication failing when extended ASCII in an assertion from the IDP is used by userAttr variable in the User Name Template field.
Problem or Goal
Authentication fails and the Access log shows "Invalid assertion received" if an assertion is received which has extended ASCII for a value and the SAML User Name Template is configured with a userAttr variable like  <userAttr.displayname> that references that value.
Cause
This issue occurs due to the PCS / PPS only supports basic ASCII characters.
Solution
There is currently no solution and extended ASCII should be avoided for names that will be parsed by the User Name Template variable.  If extended ASCII support is required, please contact the regional Pulse Secure Sales Engineer to file an enhancement request.
Related Links
The Configuring Authentication with the SAML Server section of the Admin Guide has details on configuring the SAML authentication server and the User Name template section.

See http://www.asciitable.com/ for which characters are extended ASCII and trigger this issue.
Attachment 1 
Created ByMatthew Spiers

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255