8.3 SSO/SAML Intermittent Error

IdentityIQ (IIQ) IIQ Discussion and Questions
1

We are currently on 8.3p4, and are experiencing users randomly getting server response could not be evaluated due to No SAML message present in request. When they get refreshed SSO doesn’t work unless they type in a bad username/password in login.jsf?prompt=true and then go back to the default url. Anyone see the error No SAML message present in request?

2

Starting to see it more wide spread.

3

Please check the SAML rule under Login Configuration–>SSO Configuration

4

It hasn’t changed since going from 8.3p3 to 8.3p4. This was not an issue prior.

import sailpoint.object.Identity;
import sailpoint.object.*;
import sailpoint.tools.*;



            // Get the nameId from the assertionAttributes
            System.out.println("Entering SAML Correlation Rule");

            String nameId = (String)assertionAttributes.get("nameId");
            System.out.println("Name ID from Assertion Attribute: " +nameId);

            Identity ident;

            if(nameId != null) {
                // Lookup the identity based on nameId
                ident = context.getObject(Identity.class, nameId);
            }

            return ident;
5

Still seeing this, and its very random but happens to people at least once a day.

6

Hello @thasheider1 - We may need to do troubleshooting to understand what is happening. I suggest to do below.

  1. Please check with the Identity Provider if there are any recent changes in their environment.
  2. Add log statement to print the assertionAttributes in the SAML Correlation Rule. I believe you might be receiving the assertion attribute nameId incorrect.. For example - You are expecting Identity name or ID but you are receiving the email address or UPN. In this case you may see the issue which you highlighted.
  3. Enabling logs below might give you more insights
    sailpoint.web.sso.SAMLSSOAuthenticator
7

I’ll update logging and try to identify it.

8

Below was the error i got

2025-08-27 11:43:53 DEBUG SAMLSSOAuthenticator:605 - initializing SAMLSSOAuthenticator

2025-08-27 11:43:53 DEBUG SAMLSSOAuthenticator:605 - entering phase 2

2025-08-27 11:43:53 ERROR HTTPPostDecoder:116 - Request did not contain either a SAMLRequest or SAMLResponse paramter.  Invalid request for SAML 2 HTTP POST binding.

2025-08-27 11:43:53 ERROR SAMLSSOAuthenticator:303 - An unknown error occurred processing the SAMLResponse, trying next Authenticator…

org.opensaml.messaging.decoder.MessageDecodingException: No SAML message present in request

at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.getBase64DecodedMessage(HTTPPostDecoder.java:118) \~\[opensaml-saml-impl-3.4.5.jar:?\]

at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:89) \~\[opensaml-saml-impl-3.4.5.jar:?\]

at org.opensaml.messaging.decoder.AbstractMessageDecoder.decode(AbstractMessageDecoder.java:58) \~\[opensaml-messaging-api-3.4.5.jar:?\]

at org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder.decode(AbstractHttpServletRequestMessageDecoder.java:55) \~\[opensaml-messaging-api-3.4.5.jar:?\]

at org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder.decode(BaseHttpServletRequestXMLMessageDecoder.java:72) \~\[opensaml-messaging-api-3.4.5.jar:?\]

at sailpoint.web.sso.SAMLSSOAuthenticator.getResponse(SAMLSSOAuthenticator.java:425) \~\[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.sso.SAMLSSOAuthenticator.phase2PostHandler(SAMLSSOAuthenticator.java:268) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.sso.SAMLSSOAuthenticator.doAuthenticate(SAMLSSOAuthenticator.java:216) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.sso.SAMLSSOAuthenticator.authenticate(SAMLSSOAuthenticator.java:198) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.sso.SSOAuthenticationRunner.run(SSOAuthenticationRunner.java:37) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.service.PageAuthenticationService$2.command(PageAuthenticationService.java:786) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.service.PageAuthenticationService.handleCommands(PageAuthenticationService.java:659) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.PageAuthenticationFilter$MyHandler.handle(PageAuthenticationFilter.java:332) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at sailpoint.web.PageAuthenticationFilter.doFilter(PageAuthenticationFilter.java:127) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.SailPointContextRequestFilter.doFilter(SailPointContextRequestFilter.java:61) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.util.JsonFilter.doFilter(JsonFilter.java:112) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.util.MethodFilter.doFilter(MethodFilter.java:51) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.SailPointPollingRequestFilter.doFilter(SailPointPollingRequestFilter.java:151) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.util.TimingFilter.doFilter(TimingFilter.java:88) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at sailpoint.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:63) \[identityiq.jar:8.3p4 Build 70e6b82a582-20240620-112139\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) \[spring-web-5.2.24.RELEASE.jar:5.2.24.RELEASE\]

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) \[spring-web-5.2.24.RELEASE.jar:5.2.24.RELEASE\]

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) \[catalina.jar:9.0.107\]

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) \[catalina.jar:9.0.107\]

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) \[catalina.jar:9.0.107\]

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:656) \[catalina.jar:9.0.107\]

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) \[catalina.jar:9.0.107\]

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) \[catalina.jar:9.0.107\]

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397) \[tomcat-coyote.jar:9.0.107\]

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) \[tomcat-coyote.jar:9.0.107\]

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:935) \[tomcat-coyote.jar:9.0.107\]

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1826) \[tomcat-coyote.jar:9.0.107\]

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) \[tomcat-coyote.jar:9.0.107\]

at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1189) \[tomcat-util.jar:9.0.107\]

at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658) \[tomcat-util.jar:9.0.107\]

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) \[tomcat-util.jar:9.0.107\]

at java.lang.Thread.run(Thread.java:829) \[?:?\]