Identify receives a SAMLResponse message from an upstream Identity Provider that either has no KeyInfo elements or has KeyInfo elements that do not directly indicate which key is used. For example:
When processing such a message, Identify may return the error message: ID4022: The key needed to decrypt the encrypted security token could not be resolved. Ensure that the SecurityTokenResolver is populated with the required key.
<component id="UnsolicitedResponseRequestHandler" lifestyle="Singleton" service="Safewhere.IdentityProvider.RuntimeModel.IRequestHandler, Safewhere.IdentityProvider.RuntimeModel"
Here is a screenshot of where it is:
- Security token resolver factory: Choose the option: “Safewhere.IdentityProvider.Saml2.Tokens.CustomSubResolverSecurityTokenResolverFactory, Safewhere.IdentityProvider.Saml2”.
- Signing security token sub resolvers: Choose Select All.
- Encrypting security token sub resolvers: Choose Select All.
3. Reset the application pool of the Identify instance that you just modified.
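
To confirm that an incoming message matches the condition described at the top of this article (an EncryptedKey with no KeyInfo, or a KeyInfo that does not identify the key), the following added example inspects a captured SAMLResponse. It is not Safewhere code: the function names, the set of KeyInfo children treated as identifying, and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# KeyInfo children treated here as identifying the recipient key (assumption of this example)
IDENTIFYING = {"X509Data", "KeyName", "KeyValue"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def describe_encrypted_assertions(xml_text):
    """Return one dict per EncryptedAssertion: EncryptedKey count and key hints found."""
    report = []
    root = ET.fromstring(xml_text)
    for enc in root.iter("{%s}EncryptedAssertion" % NS["saml"]):
        keys = list(enc.iter("{%s}EncryptedKey" % NS["xenc"]))
        hints = []
        for ek in keys:
            key_info = ek.find("ds:KeyInfo", NS)
            for child in (key_info if key_info is not None else []):
                # An empty X509Data or KeyName names nothing, so require content.
                if local(child.tag) in IDENTIFYING and (len(child) or (child.text or "").strip()):
                    hints.append(local(child.tag))
        report.append({"encrypted_keys": len(keys), "hints": hints,
                       "identifies_key": bool(hints)})
    return report

def sample(key_info):
    """Constructed SAMLResponse skeleton; CipherValue contents are placeholders."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{NS['saml']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
  <saml:EncryptedAssertion><xenc:EncryptedData>
    <ds:KeyInfo><xenc:EncryptedKey>{key_info}
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""

NO_KEYINFO = sample("")
WITH_CERT = sample("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>AAAA"
                   "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")

if __name__ == "__main__":
    for name, doc in (("no KeyInfo", NO_KEYINFO), ("X509Data", WITH_CERT)):
        print(name, describe_encrypted_assertions(doc))
```

When `identifies_key` is false, the message alone does not tell the receiver which decryption key to use, which is the situation that produces ID4022.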