Missing or invalid signature on assertion

Nate Klingenstein ndk at internet2.edu
Wed Aug 29 15:02:16 EDT 2012


> It appears that our metadata cert doesn't match the SAML assertion  
> cert that is being transmitted. Can something explain why this has  
> occurred and what can be done to fix it?

You can check the certificate that is being used by the IdP by looking  
at the certificate subelement of <security:Credential  
id="IdPCredential" xsi:type="security:X509Filesystem"> in relying- 
party.xml.  You'll need to compare that certificate to the one in the  
metadata file you supplied to the PingFederate SP.  You can make sure  
they match by updating one, the other, or both.

Let us know if we can help further,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120829/7b842916/attachment.html 

More information about the users mailing list