Ang: Re: Ang.: RE: Ang.: Re: Unsoclicited SSO questions

Cantor, Scott cantor.2 at
Fri May 29 17:52:25 EDT 2015

On 5/29/15, 5:24 PM, "users on behalf of Johan Romin" <users-bounces at on behalf of johan.romin at> wrote:
>Alright, I've tried to remove the authnrequestsigned attribute and now the SP isn't able to validate the assertion

There is no possibility of that being related. That setting has no impact on the SP whatsoever. It wasn't able to validate the assertion to begin with. Several people have said that as I recall.

> I've contacted the Service Provider which are a part of IBM and they are using IBM Tivoli Federated Identity Manager as their endpoint. I'm not sure if this helps anyone but I hope it might shed some light onto this.

If they can't validate it, then they presumably have the wrong information for your IdP loaded, sourced from your metadata or otherwise. The key is wrong most likely, but it's their SP, and we certainly can't tell you what their logs say.

-- Scott

More information about the users mailing list