SAML 2.0 Error: Could not create session for the provided user principal in Mx 9.9.1 deployment versus no error in Mx 8.6.9 deployments

We get a “successful” SAML Response but we get this error message in the Log:

Could not create a session for the provided user principal 'DELETEDFROMFORUMPOST': Single Sign On unable to create new session: Unsupported value: system.proxies.Session@ea1cc47f (class system.proxies.Session)

The same application already has SAML SSO successfully enabled for 2 other environments, referred to as Acceptance and Production. I just configured SAML for a 3rd environment for the same app, referred to as the UAT environment. But when I click the SSO button on UAT’s login page, it displays Mendix “An unexpected error occured while creating a session.” with the “Try Again” button. In the app the log shows the above error.

From everything that I’ve checked, the IdP Configuration is the same for all 3 environments, except, of course, each has its own unique IdP file uploaded.

The UAT environment is deployed in Mendix 9.9.1 while the other 2 are still in Mx 8.6.9. I wondered if that might be related to this issue. However, we have another app, deployed in Mx 9.9.1, for which I successfully configured SAML SSO. So, I guess it must be something else. But I haven’t found what, yet.

More parts of the log are pasted below. If anyone has an idea what’s wrong, please let me know. THANKS!

10:29:09 AM APP INFO SAML_SSO: Processing request: /SSO/
10:29:09 AM APP INFO SAMLRequest: null
10:29:09 AM APP INFO SAMLResponse: null
10:29:09 AM APP INFO RelayState: null
10:29:09 AM APP INFO SAML_SSO: No supported IdP discovered, using first from metadata
10:29:09 AM APP INFO SAML_SSO: Signing on at https://login.DELETEDFROMFORUMPOST.com/DELETEDFROMFORUMPOST/saml2
10:29:10 AM APP INFO SAML_SSO: Processing request: /SSO/assertion
10:29:10 AM APP INFO SAMLRequest: null
10:29:10 AM APP ERROR SAML_SSO: saml20.implementation.SAMLFeedbackException: Could not create a session for the provided user principal.
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:178)
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:49)
10:29:10 AM APP INFO at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:165)
10:29:10 AM APP INFO at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.jav
10:29:10 AM APP INFO at java.base/java.lang.Thread.run(Unknown Source)
10:29:10 AM APP INFO Caused by: java.lang.Exception: Single Sign On unable to create new session: Unsupported value: system.proxies.Session@ea1cc4dc (class system.proxies.Session)
10:29:10 AM APP INFO at saml20.implementation.security.SessionManager.createSession(SessionManager.java:273)
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:160)
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:49)
10:29:10 AM APP INFO at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:165)
10:29:10 AM APP INFO at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.java:37)
10:29:10 AM APP INFO at java.base/java.lang.Thread.run(Unknown Source)
10:29:10 AM APP INFO Caused by: com.mendix.systemwideinterfaces.MendixRuntimeException: Unsupported value: system.proxies.Session@ea1cc4dc (class system.proxies.Session)
10:29:10 AM APP INFO at com.mendix.basis.value.MendixValue$.apply(MendixValue.scala:85)
10:29:10 AM APP INFO at com.mendix.basis.actionmanagement.MicroflowCallBuilderImpl.withParams(MicroflowCallBuilderImpl.scala:17)
10:29:10 AM APP INFO SAMLResponse: DELETEDFROMFORUMPOST
10:29:10 AM APP INFO RelayState: _7d792616-0c04-4edf-829e-1b2c6d36ca90
10:29:10 AM APP INFO SAML_SSO: RelayState..:_7d792616-0c04-4edf-829e-1b2c6d36ca90
10:29:10 AM APP INFO SAML_SSO: Validation is successful
10:29:10 AM APP INFO SAML_SSO: Validation is successful
10:29:10 AM APP INFO SAML_SSO: Failed: Could not create a session for the provided user principal 'DELETEDFROMFORUMPOST': Single Sign On unable to create new session: Unsupported value: system.proxies.Session@ea1cc4dc (class system.proxies.Session)
10:29:10 AM APP ERROR SAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response. Error: Could not create a session for the provided user principal.
10:29:10 AM APP INFO at saml20.implementation.security.SessionManager.createSession(SessionManager.java:216)
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:160)
10:29:10 AM APP INFO at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:49)
10:29:10 AM APP INFO at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:165)
10:29:10 AM APP INFO at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.java:37)
10:29:10 AM APP INFO at com.mendix.external.connector.MxRuntimeConnector.$anonfun$processRequest$1(MxRuntimeConnector.scala:50)
10:29:10 AM APP INFO at com.mendix.external.connector.MxRuntimeConnector.$anonfun$processRequest$1$adapted(MxRuntimeConnector.scala:50)
10:29:10 AM APP INFO at com.mendix.util.classloading.Runner$.withContextClassLoader(Runner.scala:20)
asked
1 answers

I found this Forum question with the same SAML Module issue, using Mx 9.2.0: https://forum.mendix.com/link/questions/110215 which has an accepted fix from 3 months ago.  

But based on that info, I checked and found upgraded versions of the SAML Module in the Marketplace that fix this issue were released since then.  

In our case, I upgraded the SAML Module in our Mx 9.9.1 app to v.3.1.6, per their Release Notes, because our app had been upgraded from Mx 8.  

I am happy to confirm that deploying a new package, with the upgraded SAML Module, to our UAT environment corrected the issue.  

Thanks to whoever fixed it!  

 

 

answered
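The log in the question reports "Unable to validate Response" even though "Validation is successful" was logged for the same request, so the headline points at the IdP while the failure is in session creation inside the app. The following Python triage is an added example, not part of the original posts and not Mendix or SAML module code; the function name `triage`, the verdict labels and the sample log values are assumptions made for illustration.

```python
import re

# Timestamp, source and level columns; accepts the fused form ("AMAPPINFO...")
# and the spaced form. Levels are limited to the two that appear on this page.
LINE = re.compile(r"^(\d{1,2}:\d{2}:\d{2} [AP]M)\s*APP\s*(INFO|ERROR)\s*(.*)$")
CAUSE = re.compile(r"^Caused by: ([\w.$]+): (.*)$")
SESSION_ERR = "Could not create a session for the provided user principal"

# Constructed sample modelled on the question's log; the object hash is a placeholder.
SAMPLE_LOG = """\
10:29:10 AMAPPINFOSAML_SSO: Processing request: /SSO/assertion
10:29:10 AMAPPERRORSAML_SSO: saml20.implementation.SAMLFeedbackException: Could not create a session for the provided user principal.
10:29:10 AMAPPINFOCaused by: java.lang.Exception: Single Sign On unable to create new session: Unsupported value: system.proxies.Session@0 (class system.proxies.Session)
10:29:10 AMAPPINFOCaused by: com.mendix.systemwideinterfaces.MendixRuntimeException: Unsupported value: system.proxies.Session@0 (class system.proxies.Session)
10:29:10 AMAPPINFOat com.mendix.basis.value.MendixValue$.apply(MendixValue.scala:85)
10:29:10 AMAPPINFOSAML_SSO: Validation is successful
10:29:10 AMAPPERRORSAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response. Error: Could not create a session for the provided user principal.
"""

def triage(log_text):
    """Classify one SSO attempt. Flags are order-independent because the pasted
    log shows the error lines before 'Validation is successful'."""
    validated = session_failed = headline = False
    causes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        validated |= "SAML_SSO: Validation is successful" in msg
        session_failed |= SESSION_ERR in msg
        headline |= "Unable to validate Response" in msg
        c = CAUSE.match(msg)
        if c:
            causes.append((c.group(1), c.group(2)))  # last entry is the innermost cause
    if session_failed and validated:
        verdict = "sp-session-creation"         # assertion accepted; fault is in the app
    elif headline or session_failed:
        verdict = "check-assertion-validation"  # no evidence the assertion was accepted
    else:
        verdict = "no-failure-seen"
    return {"validated": validated, "session_failed": session_failed,
            "root_cause": causes[-1] if causes else None, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `sp-session-creation` verdict with a runtime exception as the innermost cause matches the situation resolved in the answer, where the IdP configuration was fine and the SAML module version was the variable that changed.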