I got some progress on this. I decided to run this through the Eclipse debugger to see what was actually going on java level. Surprisingly the first authentication attempt immediately succeeded.
After some digging around I discovered that Eclipses by default uses a JRE version 1.8.0_171, while the Mendix Modeler uses a JDK version 1.8.0_144. When I reconfigure Eclipse to use the JDK from the Mendix Modeler, the issue also appears in Eclipse.
So it seems the issue is caused by something (I expect a configuration of some sort) in the Java runtime itself.
I got some progress on this. I decided to run this through the Eclipse debugger to see what was actually going on java level. Surprisingly the first authentication attempt immediately succeeded.
After some digging around I discovered that Eclipses by default uses a JRE version 1.8.0_171, while the Mendix Modeler uses a JDK version 1.8.0_144. When I reconfigure Eclipse to use the JDK from the Mendix Modeler, the issue also appears in Eclipse.
So it seems the issue is caused by something (I expect a configuration of some sort) in the Java runtime itself.
The issue is solved now. I turned out that the JCE unlimited strength policy files where not installed in the Mendix JVM.
For others running into this problem:
The issue is solved now. I turned out that the JCE unlimited strength policy files where not installed in the Mendix JVM.
Do you use SFTP module also in your app? I had an issue whereby in combination with SAML and SFTP module I had an Java issue whereby the parameters in Java needed to be renamed.
No, I currently have no other modules in my project (except for the model reflection dependency).
SInce the decryption has failed I would first double check your decryption key again. Did you change something there? You might try to recreate your setup.
Regards,
Ronald
How do I check if the encryption key is correct?
I have tried to recreate the setup in mendix, and the relying trust party in ADFS, but the error did not disappear. I checked that the serial number of the encryption key in the SAML response matches with the private key in the keystore generated by the SAML module.