Cb Response 5.x
Use this article to diagnose problems between the Cb Response Server and ADFS. The following list shows messages you may see in /var/log/cb/coreservices/debug.log and possible responses to correct each problem.
First, follow the steps provided in this guide:
Enable Verbose Debugging for SSO/SAML
  File "/usr/lib/python2.6/site-packages/saml2/response.py", line 554, in condition_ok
    raise Exception("Not for me!!!")
Exception: Not for me!!!
There could be a mismatch between what is sent by the IdP and what is expected by the SP. This could be a simple case where the FQDN described in the metadata file contains upper-case characters and the assertion contains only lower-case characters. Changing the case so that it is consistent throughout should help to resolve this problem.
  File "/usr/lib/python2.6/site-packages/saml2/validate.py", line 97, in validate_before
    raise Exception("Can't use it yet %d <= %d" % (nbefore, now))
Exception: Can't use it yet 1422811221 <= 1422811211
There is a mismatch in the clocks of ADFS and the Carbon Black Enterprise Server. Synchronizing the clocks should help resolve this problem.
<err> saml2.sigver - correctly_signed_response: http://<FQDN-of-ADFS>/adfs/services/trust
<err> saml2.entity - Signature Error: http://<FQDN-of-ADFS>/adfs/services/trust
It is possible that there is a problem with the signature of the SAML assertion. This could be resolved by ensuring that both the IdP and SP metadata files accurately reflect the configuration of the IdP and SP. Solving this error may involve retrieving a new IdP metadata file from https://<FQDN-of-ADFS>/FederationMetadata/2007-06/FederationMetadata.xml and a new SP metadata file by running the following command:
/usr/share/cb/cbssl sso --make-metadata > /tmp/cb-metadata.xml
  File "/usr/lib/python2.6/site-packages/werkzeug/local.py", line 363, in <lambda>
    __getitem__ = lambda x, i: x._get_current_object()
KeyError: '_xsrf_token'
It is possible that the SAML assertion contains characters that the Carbon Black Enterprise Server interpreted as a cross-site request forgery. This is a known issue, which does not affect the SSO functionality. Upgrade to the latest version of Cb Response.
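The four messages above can be checked for in one pass over debug.log. The following is an added example, not Carbon Black code: it matches each message, attaches the response given in this article, and for the clock error converts the two epoch values (nbefore, now) into UTC times and a skew in seconds. The function names, issue labels and the hostname adfs.example.com are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Message patterns and responses are taken from the article above.
SIGNATURES = [
    ("not_for_me", r"Exception: Not for me!!!",
     "Make the FQDN case consistent between the metadata file and the assertion."),
    ("clock_skew", r"Exception: Can't use it yet (\d+) <= (\d+)",
     "Synchronize the clocks of ADFS and the Cb Response server."),
    ("signature_error", r"saml2\.entity - Signature Error: (\S+)",
     "Refresh the IdP metadata file and regenerate the SP metadata file."),
    ("xsrf_token", r"KeyError: '_xsrf_token'",
     "Known issue, SSO is unaffected; upgrade Cb Response."),
]

def utc(epoch):
    """Render an epoch timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(epoch, timezone.utc).isoformat()

def triage(lines):
    """Return one finding per matching line, with details parsed from the message."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for issue, pattern, response in SIGNATURES:
            m = re.search(pattern, line)
            if not m:
                continue
            finding = {"line": lineno, "issue": issue, "response": response}
            if issue == "clock_skew":
                # Message format shown in the traceback: "%d <= %d" % (nbefore, now)
                nbefore, now = int(m.group(1)), int(m.group(2))
                finding.update(skew_seconds=nbefore - now,
                               not_before=utc(nbefore), server_now=utc(now))
            elif issue == "signature_error":
                finding["issuer"] = m.group(1)
            findings.append(finding)
    return findings

# Constructed sample input: message text from the article, hostname is a placeholder.
SAMPLE_LOG = """\
Exception: Can't use it yet 1422811221 <= 1422811211
<err> saml2.entity - Signature Error: http://adfs.example.com/adfs/services/trust
KeyError: '_xsrf_token'
<info> unrelated line
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

To run it against a live server, pass the lines of /var/log/cb/coreservices/debug.log to triage() in place of SAMPLE_LOG.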