Page Comparison

...

Problem

SAML SP fails during logout with the following error:

com.ubisecure.saml2.sp.ServiceProviderException: INTERNAL_ERROR: com.ubisecure.saml2.core.SAMLException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Solution

This error indicates that SP tries to do a back channel logout using the SOAP SingleLogoutEndpoint described in the IDP Metadata of Ubisecure SSO, but fails to do a SSL/TLS handshake. This problem is caused by SAML SP for Java component trying to use SSLv3 when initiating the backchannel connection for the logout, but as SSLv3 is now obsolete, many servers refuse to create a connection with it and interrupt the handshake procedure instead.

Panel

bgColor	#fff

Workaround is to disable backchannel logout functionality:

Set LiteNoBackChannel compatibility flag in the Ubisecure SSO Management
Restart Ubisecure SSO
Copy new IDP metadata to the SP (replace \WEB-INF\saml2\sp\metadata\metadata.xml) and restart the java servlet.

Versions Compared

Old Version 1

New Version Current

Key

Problem

Solution

Related articles

Page Comparison

Versions Compared

Old Version 1

New Version Current

Key

<span class="diff-html-changed" data-a11y-before="Start of changed content" data-a11y-after="End of changed content" id="changed-diff-0">[data-colorid=</span>

Solution

Related articles