Yet another Idp error after SP upgrade

Nate Klingenstein ndk at internet2.edu
Sun Aug 11 17:08:07 EDT 2013


There's not much we can tell you on this one besides what is obvious: the signature failed to validate.

Make sure they're signing assertions with the same key that is in their metadata as loaded by you.  The decrypted assertion should contain the key, making it easy for you to check that this is the issue.

Other issues would include the signature just being computed wrong but that's not as likely...

On Aug 11, 2013, at 21:01 , Mike Flynn wrote:

> SAML response contained an error.
> Error from identity provider:
> Status: urn:oasis:names:tc:SAML:2.0:status:Requester
> Message: Invalid signature
> This is post upgrade - no change to their metadata (or mine - at least intentionally).




More information about the users mailing list