-
Type:
Bug
-
Status: Verified
-
Resolution: Unresolved
-
Affects Version/s: Master
-
Fix Version/s: None
-
Component/s: Application Security > SAML
-
Labels:None
-
Fix Priority:2
In a IDP + SP setup, both Liferay Portal,
We got the following error message, when the SP connection setting contains valid URL, but the target instance, hasn't enabled it's SAML Role at the SAML Admin / General tab.
2020-09-18 09:20:47.140 ERROR [http-nio-8080-exec-10][XMLObjectSupport:240] Unable to unmarshall InputStream, no unmarshaller registered for element script 2020-09-18 09:20:47.143 INFO [http-nio-8080-exec-10][SamlAdminPortlet:77] org.opensaml.core.xml.io.UnmarshallingException: Unable to unmarshall InputStream, no unmarshaller registered for element script
Repro:
- Start a Portal instance
- Set IDP SAML role for the default instance, create certificates and enable the SAML Role
- Create a virtual instance
- Set SP role for the virtual instance add IDP connection to the default instance but didn't enable the SAML role at SAML Admin/General tab.
- Go back to IDP instance / SAML admin
- Open the SP connectors
- Add new SP connections with metadata url
- Save the SAML connector data