Validation of protocol message signature failed

Cantor, Scott cantor.2 at
Mon Apr 7 11:27:07 EDT 2014

On 4/7/14, 11:14 AM, "Vince Johnson" <vince.walsh at> wrote:

>    I am getting an error that has been reported before.  Sorry for the
>repeat.  I have some issue with configuration that I cannot identify.  I
>have checked the signing certificate and it appears to match between SP
>metadata (attached to the relying-party.xml) and the Authn HTTP Request.

Well, it doesn't match. Sorry, there's not much else to be said. The log
shows it validating the actual signature with the key from the message,
but it's falling into the PKIX engine, so it's not finding the key in the
metadata to prevent that step.

>I have tried
>different formats of the SP Metadata X509 Certificate (No Line Feed /
>Carriage Returns, Line Feed Only, Line Feed & Carriage Return) and the

Well, you can't do that to the signature, but the metadata itself doesn't
really care much, the base64 decoder generally will handle any of those.

-- Scott
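
The comparison discussed in this thread, as an added example that is not part of the original messages or of the IdP's own code: it fingerprints the certificate carried in a signed AuthnRequest and the signing certificates in the SP metadata, ignoring line-feed and carriage-return differences in the base64. The function names, the skeleton XML and the placeholder "certificate" bytes are constructed for illustration, and treating a match as byte-for-byte certificate equality is an assumption of this sketch.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def cert_fingerprints(xml_text, signing_only=False):
    """SHA-256 fingerprints of the DER bytes in each ds:X509Certificate."""
    root = ET.fromstring(xml_text)
    holders = [root]
    if signing_only:
        # In metadata, ignore KeyDescriptors marked use="encryption".
        holders = [kd for kd in root.iter("{%s}KeyDescriptor" % MD)
                   if kd.get("use") in (None, "signing")]
    prints = set()
    for holder in holders:
        for el in holder.iter("{%s}X509Certificate" % DS):
            # Line feeds, carriage returns and spaces are dropped before decoding.
            der = base64.b64decode("".join((el.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def key_in_metadata(metadata_xml, request_xml):
    """True if a certificate in the request is also a signing cert in metadata.
    Byte-for-byte certificate comparison is an assumption of this sketch."""
    return bool(cert_fingerprints(request_xml)
                & cert_fingerprints(metadata_xml, signing_only=True))

# --- constructed sample data: placeholder bytes, not real certificates ---
CERT_A, CERT_B = bytes(range(90)), bytes(range(1, 91))

def wrap(der, eol):
    b64 = base64.b64encode(der).decode()
    return eol.join(b64[i:i + 64] for i in range(0, len(b64), 64))

def metadata(der, eol):
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://sp.example.org/sp">'
            '<md:SPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>') % (MD, DS, wrap(der, eol))

def request(der):
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="%s">'
            '<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:AuthnRequest>') % (DS, wrap(der, "\n"))

if __name__ == "__main__":
    for eol in ("", "\n", "\r\n"):
        print(repr(eol), key_in_metadata(metadata(CERT_A, eol), request(CERT_A)))
    print("different cert:", key_in_metadata(metadata(CERT_B, "\n"), request(CERT_A)))
```

Against real files, read the SP metadata and the decoded AuthnRequest into strings and pass them to `key_in_metadata`; a `False` result means the certificate in the message is not one the metadata lists for signing.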
