reject saml auth due to security concerns

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:144) atorg.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) atsun.reflect.GeneratedMethodAccessor929.invoke(Unknown Source) Additional steps may be required to use a certificate signed by a CA. Blackboard has many products. at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) atorg.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) Content Security Policy not providing SAML cookie. An Authentication Failure entry appears in the bb-services log: 2016-06-28 12:48:12 -0400 - BbSAMLExceptionHandleFilter - javax.servlet.ServletException: Authentication Failure message is displayed in the Blackboard Learn GUI. atorg.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677) To find the integration instructions for your application, see the list of SaaS application integration tutorials. atjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) The SAML B2 should then be toggled Inactive/Available, while having the SAML authentication provider in 'Active' status, to ensure the updated metadata XML file is recognized system-wide. Specifies the expiration time before which the JWT can be accepted for processing. The description of Opaque marks these claims as not being for public consumption. at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) You can also submit product feedback to Azure community support. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXK, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-saml-authentication, https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXy, https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXP, Product Security Assurance and Vulnerability Disclosure Policy. at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:144) atorg.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) atjava.lang.reflect.Method.invoke(Method.java:498) atorg.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) atorg.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) It is possible to change the text on the End SSO Session logout page by editing the Language Pack: saml.single.logout.warning.conent.description // the first line 229 more. atorg.springframework.security.saml.processor.SAMLProcessorImpl.retrieveMessage(SAMLProcessorImpl.java:105) atorg.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:414) Incoming SAML message failed security validation. at java.lang.reflect.Method.invoke(Method.java:498) Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them - NetSPI If you see profiles then you are using SAML. Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation [CDATA[// >