Issue:
Login to Control Hub with SAML enabled fails with an HTTP 400 error page and Login Audit shows the following details:
HTTP statusCode: 400, Details WebSsoException: WEB_SSO_205 - Assertion is not encryptedSolution:
This above error indicates that Control Hub was expecting an encrypted assertion from the IdP but the IdP sent it unencrypted.
There are two different solutions depending on what we want to archive:
- If we require the assertions to be encrypted then we need to upload the Control Hub public certificate to the IdP.
- If the assertions do not need to be encrypted then we need to disable 'Wants SAML Assertions Encrypted' at both, organization and global level in our Control Hub UI. Please follow these steps:
- Organization level. Go to Administration > Organizations > [your org] > gear icon > SAML IdP Options tab, uncheck 'Wants SAML Assertions Encrypted' box and click on SAVE.
- Global level. Go to Administration > SAML and verify that 'Wants SAML Assertions Encrypted' box is also unchecked. Otherwise, please uncheck it and click on SAVE. IMPORTANT: a Control Hub restart is required for this change to take effect.
If you've followed the steps above and still get an HTTP 400 error page, we recommend that you verify one more time the information in the Login Audit entry for the failed login since probably now the cause of the issue has changed. Also, remember to check the DPM logs for more details.
