Ping Identity Updates Seem to be causing issues with IDP SAML Auth


jmann99999
We have a customer that is using Ping Identity to access our IDP SAML servers. It appears there was a security fix from an advisory in August 2021 (SECADV028) that they put into place. The security fix says, "We have discovered that PingFederate is vulnerable to XML XXE and DTD processing vulnerabilities that allow an attacker to chain specially-crafted requests to exfiltrate configuration files including decryption keys."

After putting this fix into place, the customer is no longer able to access our services. We see the following in our logs:
****************
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Retrieving the signature certificates for the partner identity provider https://xxxxxxxxxxxxxxx.com.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Retrieving the signature certificates for the partner identity provider https://xxxxxxxxxxxxxxx.com.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Loading the X.509 certificate from the file c:\filelocation-obfuscated\..
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 has been cached.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 has been retrieved from the cache.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 is being used to verify the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 is being used to verify the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Verifying the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Verifying the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Failed to verify the XML signature.

****************

The customer says that they dealt with this before with another vendor and that it was special characters that were not processed correctly by the IDP SAML Service.

Has anyone encountered this before, and does anyone have any ideas on what could be happening?

Thanks for any help!
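
An added example (not part of the original post, and not ComponentSpace code): the trace above interleaves two concurrent verifications, so this Python script groups the lines by the `4980/12`-style field, assumed here to be process ID/thread ID, and reports for each the certificate serial in use and whether a failure was logged. The name `triage` is hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Trace lines copied from the log in the post (values were already obfuscated there).
SAMPLE = """\
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Verifying the SAML response signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 is being used to verify the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: The X.509 certificate with subject name CN=xxxxx.xxxx.com, OU=IT Security, O=Company Name, L=City, S=State, C=US and serial number 9167CF0B0000 is being used to verify the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Verifying the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/24: 3/21/2022 8:04:26 AM: Verifying the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 4980/12: 3/21/2022 8:04:26 AM: Failed to verify the XML signature.
"""

# Assumption: the "4980/12" field is <process id>/<thread id>.
LINE = re.compile(
    r"^ComponentSpace\.SAML2 \w+: \d+ : (?P<pid>\d+)/(?P<tid>\d+): "
    r"(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M): (?P<msg>.*)$"
)
SERIAL = re.compile(r"serial number (?P<serial>[0-9A-F]+) is being used to verify")


def triage(text):
    """Group trace lines per (pid, tid) and summarise each signature check."""
    threads = defaultdict(lambda: {"started": 0, "serial": None, "failed": False})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a trace line in the expected layout
        t = threads[(int(m["pid"]), int(m["tid"]))]
        msg = m["msg"]
        if msg == "Verifying the SAML response signature.":
            t["started"] += 1
        elif (s := SERIAL.search(msg)):
            t["serial"] = s["serial"]
        elif msg == "Failed to verify the XML signature.":
            t["failed"] = True
    return dict(threads)


if __name__ == "__main__":
    for (pid, tid), info in sorted(triage(SAMPLE).items()):
        outcome = "FAILED" if info["failed"] else "no failure logged in this excerpt"
        print(f"pid {pid} thread {tid}: cert serial {info['serial']}, {outcome}")
```

On the excerpt from the post, thread 12 logs the failure, thread 24 has no outcome line, and both used the same certificate serial.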


ComponentSpace
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development