When AM (configured as IdP) receives a SAML request from an SP whose metadata advertises MD5 as a signature algorithm, or any other algorithm not supported by the JCE underlying AM, AM fails with an HTTP 500 error instead of ignoring that algorithm and trying the next algorithm the SP supports.
How to reproduce the issue
- Configure AM as IdP
- Configure an SP whose metadata lists an MD5 signature algorithm as its first preference and an AM-supported signature algorithm as its second.
- Run an SP-initiated flow from a browser, for example by opening the SP login page.
- After successful authentication on AM, AM displays a "Server Error" page.
Workaround: remove the algorithms that AM doesn't support from the SP configuration, export the SP metadata again and reimport it into AM.
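The selection behaviour this report expects, as an added illustration that is not AM's code: read the SP's SigningMethod entries from its metadata in preference order, skip any algorithm the IdP's crypto provider cannot sign with, fall through to the next one, and only fail when nothing usable is left. The `IDP_SUPPORTED_SIGNING` set is an assumption standing in for the JCE capability check AM would perform; the SP metadata below is constructed for the example and is not taken from the report. The last function mirrors the workaround above by stripping unsupported algorithms from the metadata before import.

```python
import xml.etree.ElementTree as ET

# Namespaces from SAML 2.0 metadata and the Metadata Profile for Algorithm Support.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ALG_NS = "urn:oasis:names:tc:SAML:metadata:algsupport"
SIGNING_METHOD = f"{{{ALG_NS}}}SigningMethod"
EXTENSIONS = f"{{{MD_NS}}}Extensions"

# Signature algorithm URIs (RFC 6931 / XML-DSig).
RSA_MD5 = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

# ASSUMPTION: stand-in for "what the IdP's JCE providers can sign with".
# AM's real set comes from its configured providers and may differ.
IDP_SUPPORTED_SIGNING = {RSA_SHA256, RSA_SHA1}

# CONSTRUCTED sample SP metadata: MD5 listed first (preferred), SHA-256 second.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:alg="{ALG_NS}"
    entityID="https://sp.example.test/metadata">
  <md:Extensions>
    <alg:SigningMethod Algorithm="{RSA_MD5}"/>
    <alg:SigningMethod Algorithm="{RSA_SHA256}"/>
  </md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


class NoCommonSigningAlgorithm(Exception):
    """Raised only when the SP advertises no algorithm the IdP can use."""


def sp_signing_methods(metadata_xml):
    """Return SigningMethod algorithm URIs in document order.

    The algsupport profile lists them in the SP's order of preference, so the
    IdP should try them from first to last.
    """
    root = ET.fromstring(metadata_xml)
    return [el.get("Algorithm") for el in root.iter(SIGNING_METHOD)]


def choose_signing_algorithm(metadata_xml, supported=IDP_SUPPORTED_SIGNING):
    """Pick the first SP-preferred algorithm the IdP supports.

    Returns (chosen_algorithm, skipped_algorithms). Unsupported entries are
    skipped rather than treated as a fatal error, which is the behaviour the
    report expects instead of the HTTP 500.
    """
    skipped = []
    for alg in sp_signing_methods(metadata_xml):
        if alg in supported:
            return alg, skipped
        skipped.append(alg)  # e.g. rsa-md5: not offered by the provider
    raise NoCommonSigningAlgorithm(
        f"SP offers {skipped}, IdP supports {sorted(supported)}"
    )


def strip_unsupported_signing_methods(metadata_xml, supported=IDP_SUPPORTED_SIGNING):
    """Model of the workaround: drop SigningMethod entries the IdP cannot use
    from the SP metadata before it is imported into the IdP."""
    root = ET.fromstring(metadata_xml)
    for ext in root.iter(EXTENSIONS):
        for child in list(ext):
            if child.tag == SIGNING_METHOD and child.get("Algorithm") not in supported:
                ext.remove(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    chosen, skipped = choose_signing_algorithm(SP_METADATA)
    print("chosen:", chosen, "skipped:", skipped)
    fixed = strip_unsupported_signing_methods(SP_METADATA)
    print("after workaround:", sp_signing_methods(fixed))
```

With the constructed metadata the selector skips rsa-md5 and settles on rsa-sha256; after the workaround only rsa-sha256 remains in the metadata, so nothing needs skipping.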