Missing or invalid signature on assertion

Wavyne Belance wbelance at luc.edu
Wed Aug 29 16:13:16 EDT 2012

Thanks for your help. That fixed my issue.

>>> Nate Klingenstein <ndk at internet2.edu> 8/29/2012 2:02 PM >>>

It appears that our metadata cert doesn't match the SAML assertion cert that is being transmitted. Can something explain why this has occurred and what can be done to fix it?

You can check the certificate that is being used by the IdP by looking at the certificate subelement of <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem"> in relying-party.xml.  You'll need to compare that certificate to the one in the metadata file you supplied to the PingFederate SP.  You can make sure they match by updating one, the other, or both.

Let us know if we can help further,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120829/f138de26/attachment.html 

More information about the users mailing list