Cisco Bug: CSCvv04056 - When generating new certificate for SSO login to vManage started to fail

Last Modified

Oct 13, 2020

Products (1)

  • Cisco SD-WAN

Known Affected Releases

19.2.2

Description (partial)

Symptom:
Because the certificate used with PingID was about to expire, a new one was generated (which also generates new metadata). After that, the customer started to receive:
6-Jul-2020 16:37:19,668 UTC INFO  [vManage] [DataCollectionManager] (Thread-130) || Existing device 11.0.48.1, Sync Type: DATA_SYNC, Priority Sync: false
16-Jul-2020 16:37:19,675 UTC INFO  [vManage] [MetadataManager] (default task-238) |default| Remote entity fs:bae:saml2:entityid available
16-Jul-2020 16:37:19,679 UTC INFO  [vManage] [MetadataManager] (default task-238) |default| Local entity vmanage.us.baesystems.com available under alias vmanage.us.baesystems.com
16-Jul-2020 16:37:19,679 UTC INFO  [vManage] [SAMLProcessingFilter] (default task-238) |default| Available Provider size: [com.viptela.vmanage.server.sso.saml.metadata.DBMetadataProvider@651c34e5, com.viptela.vmanage.server.sso.saml.metadata.DBMetadataProvider@3a28f982]
16-Jul-2020 16:37:19,681 UTC INFO  [vManage] [SAMLProcessorImpl] (default task-238) |default| Inbound saml transport: POST
16-Jul-2020 16:37:19,687 UTC WARN  [vManage] [XMLSignature] (default task-238) |default| Signature verification failed.
16-Jul-2020 16:37:19,687 UTC ERROR [vManage] [SAMLProcessingFilter] (default task-238) |default| Incoming SAML message is invalid: org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed


When the new metadata is removed and the old metadata is put back, login works; only the new metadata is rejected.

Conditions:
vManage running 19.2.1.
A new certificate was created, so new metadata needs to be uploaded to vManage.
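
One way to triage this symptom in vManage server logs, as an added example (not part of the Cisco bug record and not Cisco code): it correlates log lines by worker thread and reports each rejected SAML message together with the remote (IdP) and local (SP) entity IDs logged just before it, which identifies whose metadata and signing certificate to compare. The line layout is assumed from the log excerpt above; the entity IDs in the sample are constructed placeholders.

```python
import re

# Assumed layout, taken from the excerpt above:
# <date> <time> UTC <LEVEL> [vManage] [<Component>] (<thread>) |<tenant>| <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) UTC (?P<level>\w+)\s+\[vManage\] \[(?P<comp>\w+)\] "
    r"\((?P<thread>[^)]+)\) \|(?P<tenant>[^|]*)\| (?P<msg>.*)$"
)
REMOTE_RE = re.compile(r"^Remote entity (\S+) available")
LOCAL_RE = re.compile(r"^Local entity (\S+) available")

# Constructed sample lines modelled on the excerpt; entity IDs are placeholders.
SAMPLE_LOG = """\
16-Jul-2020 16:37:19,668 UTC INFO  [vManage] [DataCollectionManager] (Thread-130) || Existing device 192.0.2.1, Sync Type: DATA_SYNC, Priority Sync: false
16-Jul-2020 16:37:19,675 UTC INFO  [vManage] [MetadataManager] (default task-238) |default| Remote entity idp.example.test:saml2 available
16-Jul-2020 16:37:19,679 UTC INFO  [vManage] [MetadataManager] (default task-238) |default| Local entity vmanage.example.test available under alias vmanage.example.test
16-Jul-2020 16:37:19,681 UTC INFO  [vManage] [SAMLProcessorImpl] (default task-238) |default| Inbound saml transport: POST
16-Jul-2020 16:37:19,687 UTC WARN  [vManage] [XMLSignature] (default task-238) |default| Signature verification failed.
16-Jul-2020 16:37:19,687 UTC ERROR [vManage] [SAMLProcessingFilter] (default task-238) |default| Incoming SAML message is invalid: org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed
""".splitlines()


def find_saml_signature_failures(lines):
    """Return one finding per rejected SAML message, with the entity IDs
    the same worker thread logged before the rejection."""
    ctx = {}        # thread name -> state of the SAML exchange in progress
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout (stack traces, other logs)
        thread, comp, msg = m["thread"], m["comp"], m["msg"]
        state = ctx.setdefault(thread, {"idp": None, "sp": None, "sig_failed": False})
        if comp == "MetadataManager":
            if (r := REMOTE_RE.match(msg)):   # a new exchange starts on this thread
                ctx[thread] = {"idp": r.group(1), "sp": None, "sig_failed": False}
            elif (l := LOCAL_RE.match(msg)):
                state["sp"] = l.group(1)
        elif comp == "XMLSignature" and "Signature verification failed" in msg:
            state["sig_failed"] = True
        elif comp == "SAMLProcessingFilter" and "Incoming SAML message is invalid" in msg:
            findings.append({
                "time": m["ts"], "thread": thread, "reason": msg,
                "idp_entity": state["idp"], "sp_entity": state["sp"],
                "signature_check_failed": state["sig_failed"],
            })
            ctx.pop(thread, None)
    return findings
```

A finding with `signature_check_failed` set points at a mismatch between the certificate the IdP signs with and the certificate in the metadata loaded for `idp_entity`, which is the comparison to make after a certificate rollover.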