SAML SSO fails when assertion encryption algorithm is different from default (POST Binding) #13762

@nirmal101

Description

Describe the issue:

  • Cannot sign in to the web apps (saml2-web-app-pickup-dispatch, saml2-web-app-pickup-manager) when you use the following assertion encryption algorithms:
    - aes128-gcm, aes192-gcm, aes256-gcm

How to reproduce:

  1. Navigate to the Main menu of the management console and select List under Service Providers.
  2. Under the listed service providers, select Edit on your preferred service provider.
  3. Go to Inbound Authentication Configuration > SAML2 Web SSO Configuration.
  4. Enable Assertion Encryption and select one of the above mentioned algorithms as the Assertion Encryption Algorithm.
  5. Press Update.
  6. Go to the sso.properties file in the service provider web app and set SAML2.EnableAssertionEncryption to True.
  7. Restart the web app server and try to sign in.

[Five management-console screenshots dated 2022-05-27 were attached to the original issue.]

Expected behavior:

  • Sign in to the web app.

Environment information

  • Product Version: IS 6.0.0
  • OS: Mac OS 12.4
  • Database: MySQL 8.0.29
  • User store: Primary and Secondary
  • Browser: Firefox 91.0

  • No issue with SSO when using the algorithms aes256-cbc, aes192-cbc, aes128-cbc, tripledes-cbc.
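The report contrasts the CBC algorithm identifiers, which work, with the GCM identifiers, which do not. The following Go program is an added example (not code from the issue, from WSO2 Identity Server or from its SAML agent, which are Java) showing why the two families are not interchangeable at the byte level: under XML Encryption 1.0 a `*-cbc` `<xenc:CipherValue>` is `IV || CBC ciphertext` with ISO 10126 padding, while under XML Encryption 1.1 a `*-gcm` `<xenc:CipherValue>` is `96-bit IV || ciphertext || 128-bit tag`. It assumes a constructed assertion fragment (`sampleAssertion`) and a freshly generated AES-128 session key; real deployments deliver that key through `<xenc:EncryptedKey>`, which is out of scope here. The `probe` helper also flips one ciphertext byte to show the security difference: the CBC decryptor accepts the corrupted assertion, the GCM decryptor rejects it. The issue itself does not state why the agent fails with GCM, and this example does not diagnose that.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Algorithm URIs as written in <xenc:EncryptionMethod Algorithm="...">: *-cbc is XML Encryption 1.0, *-gcm was added in 1.1.
const (
	AES128CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
	AES128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"
	gcmIVLen  = 12 // xmlenc 1.1 fixes the GCM IV at 96 bits
)

// Constructed stand-in for a plaintext <saml2:Assertion>; not taken from the issue.
var sampleAssertion = []byte(`<saml2:Assertion ID="_example"><saml2:Subject/></saml2:Assertion>`)
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// encryptCipherValue returns the raw bytes that get base64-encoded into <xenc:CipherValue>.
// block is the AES cipher for the session key that the IdP would wrap in <xenc:EncryptedKey>.
func encryptCipherValue(alg string, block cipher.Block, plaintext []byte) ([]byte, error) {
	switch alg {
	case AES128CBC:
		// xmlenc 1.0 layout: IV (one block) || CBC ciphertext, padded ISO 10126 style:
		// the final byte holds the pad length (1..16), the other pad bytes are arbitrary.
		iv := randBytes(aes.BlockSize)
		padLen := aes.BlockSize - len(plaintext)%aes.BlockSize
		padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(padLen)}, padLen)...)
		out := make([]byte, aes.BlockSize+len(padded))
		copy(out, iv)
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
		return out, nil
	case AES128GCM:
		// xmlenc 1.1 layout: 96-bit IV || ciphertext || 128-bit tag; Seal appends ciphertext and tag to the IV.
		gcm, _ := cipher.NewGCM(block) // errors only for non-16-byte block sizes, which AES never has
		iv := randBytes(gcmIVLen)
		return gcm.Seal(iv, iv, plaintext, nil), nil
	}
	return nil, fmt.Errorf("unsupported EncryptionMethod %q", alg)
}

// decryptCipherValue is the SP-side inverse: CBC can only check the padding byte, GCM verifies a tag over the whole ciphertext.
func decryptCipherValue(alg string, block cipher.Block, cipherValue []byte) ([]byte, error) {
	switch alg {
	case AES128CBC:
		if len(cipherValue) < 2*aes.BlockSize || len(cipherValue)%aes.BlockSize != 0 {
			return nil, fmt.Errorf("aes-cbc: CipherValue is not a whole number of blocks")
		}
		iv, ct := cipherValue[:aes.BlockSize], cipherValue[aes.BlockSize:]
		pt := make([]byte, len(ct))
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
		if padLen := int(pt[len(pt)-1]); padLen >= 1 && padLen <= aes.BlockSize {
			return pt[:len(pt)-padLen], nil
		}
		return nil, fmt.Errorf("aes-cbc: invalid padding")
	case AES128GCM:
		gcm, _ := cipher.NewGCM(block) // see encryptCipherValue
		if len(cipherValue) < gcmIVLen+gcm.Overhead() {
			return nil, fmt.Errorf("aes-gcm: CipherValue too short")
		}
		return gcm.Open(nil, cipherValue[:gcmIVLen], cipherValue[gcmIVLen:], nil)
	}
	return nil, fmt.Errorf("unsupported EncryptionMethod %q", alg)
}

// probe encrypts the sample assertion under alg with a fresh AES-128 key, checks the round trip, then flips one ciphertext byte and reports whether the decryptor still accepts it.
func probe(alg string) (bool, bool, error) {
	block, err := aes.NewCipher(randBytes(16))
	if err != nil {
		return false, false, err
	}
	cv, err := encryptCipherValue(alg, block, sampleAssertion)
	if err != nil {
		return false, false, err
	}
	pt, err := decryptCipherValue(alg, block, cv)
	roundTripOK := err == nil && bytes.Equal(pt, sampleAssertion)
	// Byte 16 is ciphertext in both layouts (it follows a 16- or a 12-byte IV). Under CBC the flip scrambles
	// block 1 and one byte of block 2 but leaves the padding block intact, so corrupted XML is accepted; GCM rejects it.
	cv[aes.BlockSize] ^= 0x01
	_, err = decryptCipherValue(alg, block, cv)
	return roundTripOK, err == nil, nil
}

func main() {
	for _, alg := range []string{AES128CBC, AES128GCM} {
		rt, tampered, err := probe(alg)
		fmt.Printf("%s\n  round trip: %v  tampered CipherValue accepted: %v  err: %v\n", alg, rt, tampered, err)
	}
}
```

Two practical points follow from this. First, a decryptor that only knows the 2001 `xmlenc#` identifiers has no way to parse a `xmlenc11#aes*-gcm` CipherValue: the IV length, the trailing tag and the absence of padding all differ, so the algorithm URI must be dispatched on, never assumed. Second, the CBC modes are the ones attacked in Jager and Somorovsky's "How to Break XML Encryption" (CCS 2011), and the GCM identifiers were added in XML Encryption 1.1 as the authenticated replacement; when an SP stack only accepts the CBC family, configuring the IdP back to aes*-cbc restores sign-in at the cost of unauthenticated assertion encryption, so the SP's signature validation over the decrypted assertion becomes the only integrity check.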
