SAML error between MWS and IS

Hi,

I’m trying to connect to IS from MWS using the Administrator user, but when I “Check Server Status” on Administration → My webMethods → System Settings → Servers, I’m getting this error:

2016-05-12 15:28:12 BRT (directory:WARN) [WS:79] - Failed SAML authentication
com.webMethods.portal.PortalException: [POP.012.0002.wm_xt_samlsecurityservice] The SAML artifact is invalid or has expired.

I’m using a trial installation, version 9.9 on Linux.

Any tips?

Thank you!

Hi Filipe,

Is the MWS SAML Resolver URL configured in IS under Settings → Resources to point to this MWS?

Regards,
Holger

Thanks Holger, it worked for me.

Regards,
Akshay

Holger,

I set the MWS SAML Resolver URL in IS under Settings → Resources but I’m still getting the error. Here’s what I did:

Is that right?

[Attached screenshot: Selection_015.png]

Hi Filipe,

Is the MWS running on the same physical box as the IS?

If yes, this should work; if not, you will have to specify the real address of the MWS here.

Is the Central Users function under “Settings → JDBC Pools” configured to point to a database schema that holds the User database of the MWS?

Is there anything remarkable in the IS server.log or error log?

Regards,
Holger

Holger,

Yes, they’re running on the same physical machine.

I didn’t configure the Central Users function because I’m not using any external database. I’m using an embedded db. I’ve got something in error.log and server.log:


Hi Filipe,

This is the issue with the embedded database.

MWS tries to log in to the IS with the Administrator defined in MWS, which is not available in IS due to the missing CentralUsers configuration.

Therefore the SAML Assertion fails.

When using MWS to monitor IS, it is recommended that MWS runs on an external database which can be accessed from IS via JDBC Pool/Function for CentralUsers.

Regards,
Holger

Hi Holger,

All right. Thanks for your support! 🙂