Alteryx Connect Knowledge Base


How To: Add SAML IDP Signing Certificate to Connect Keystore

MikeSp
Alteryx

This article explains how to add a certificate to the Alteryx Connect SAML keystore so that Connect can validate signatures from a SAML Identity Provider (IDP). It is only needed if your IDP signs assertions or other traffic with a specific certificate that may be self-signed or not issued by a widely trusted Certificate Authority (CA).

If the certificate has not been added, an error message may be received when Connect attempts to validate the signature from the IDP. An example is below:

org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error filtering metadata from {metadataURL}.xml
...(trimmed)
Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error filtering metadata from {metadataURL}.xml
...(trimmed)
Caused by: org.opensaml.saml2.metadata.provider.FilterException: Signature trust establishment failed for metadata entry

Prerequisites

  • Alteryx Connect >= 2018.1
  • Remote Desktop (RDP) or other direct access to the Alteryx Connect machine
  • Windows Administrator account on the Alteryx Connect machine
  • Alteryx Connect account within the "Administrators" group
  • Certificate (.cer) or other X509 certificate file available to import
    • This certificate should be the IDP's signing certificate or part of the certificate chain
    • If you are not sure where to obtain this certificate, reach out to an administrator or support group for the CA, or your IT team for assistance

Procedure

  1. Verify that the certificate file is available on the Alteryx Connect machine's local file system
  2. You will also need the password for the SAML keystore (samlKeystore.jks in the ac_work directory). If you do not have this keystore password, follow the sub-steps to change the password
    1. Open Alteryx Connect in a web browser and log in with an Administrator account
    2. Open the Administration panel by clicking on your account name in the upper-right corner and choosing Administration from the drop-down
    3. Click Connect Configuration from the Admin Menu
    4. Click Single Sign-On within the Connect Configuration panel
    5. Click Advanced settings near the bottom of the page
    6. Specify a new password in the Password field
    7. Click Save
  3. Open a Command Prompt (cmd.exe) as Administrator on the Alteryx Connect machine's desktop
  4. Change directory to the Java bin directory of your Alteryx Connect installation. Replace {InstallDir} in the command below with the root path of your Alteryx Connect installation.
  5. Press Enter

    Command Line:

cd "{InstallDir}\jre\bin"


Example:

cd "C:\Program Files\AlteryxConnect\jre\bin"



  • Use the keytool.exe utility to insert the certificate. Replace {cert} in the command below with the full path to the certificate file being used. Replace {InstallDir} with the root path of your Alteryx Connect installation. Replace {alias} with a desired identifier for the certificate you are inserting. Replace {samlKeystorePassword} with the password gathered in Step 2 above.

    Command Line:

keytool.exe -importcert -file "{cert}" -keystore "{InstallDir}\ac_work\samlKeystore.jks" -alias "{alias}" -storepass {samlKeystorePassword}


Example:

keytool.exe -importcert -file "C:\Users\username\Desktop\SAMLSigningCert.cer" -keystore "C:\Program Files\AlteryxConnect\ac_work\samlKeystore.jks" -alias "ADFS_Signing" -storepass keystorePassword22



  • Press Enter
  • Executing the command above should return information about the certificate and a prompt asking to trust the certificate. Make sure the information in the return matches the expected values, then type yes at the prompt.
  • Press Enter



  • Verify that the command returns "Certificate was added to keystore"
    1. If you receive an error, review the error message and make any corrections necessary.
  • Restart the Alteryx Connect service to apply the changes.
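
The "matches the expected values" check before typing yes can be done by comparing fingerprints. The following is an added example, not part of the original article or of Alteryx Connect: it assumes you have a locally saved copy of the IDP's SAML metadata XML, all function names are hypothetical, and the sample data is constructed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes as colon-separated uppercase hex (keytool style)."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def load_cert_der(data: bytes) -> bytes:
    """Accept a certificate file in PEM (BEGIN/END lines) or raw DER form."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def signing_fingerprints(metadata_xml: str) -> set:
    """Fingerprints of every certificate the metadata publishes for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute covers signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            b64 = "".join((cert.text or "").split())
            found.add(fingerprint(base64.b64decode(b64)))
    return found

def cert_matches_metadata(cert_file: bytes, metadata_xml: str) -> bool:
    """True only if the file is one of the IDP's published signing certificates."""
    return fingerprint(load_cert_der(cert_file)) in signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
SIGNING_DER = b"constructed signing certificate"
ENCRYPTION_DER = b"constructed encryption certificate"
KEY = ('<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
       '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + KEY % ("signing", base64.b64encode(SIGNING_DER).decode())
    + KEY % ("encryption", base64.b64encode(ENCRYPTION_DER).decode())
    + '</md:IDPSSODescriptor></md:EntityDescriptor>')
```

The string returned by fingerprint() uses the same colon-separated hex form in which keytool prints the SHA256 fingerprint, so it can be compared directly with the trust prompt. Metadata fetched over an untrusted channel proves nothing on its own, so also confirm the fingerprint with the IDP administrator.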

Comments
VojtechT
Alteryx

Hi @MikeSp,

Thank you for another great article. I would humbly mention one minor comment though - the keytool.exe has been shipped with Connect since version 2019.1, so if the customer is actually on 2018.4 (as is mentioned in the prerequisites), the commands in #6 and later will probably not work unless the tool is placed there manually.