Issue with signing and a relying party - IdP v3

Michael Weyandt maw120 at
Fri May 20 11:00:01 EDT 2016

Hello all,

Currently I’m having an issue with IdP v3 and a relying party. On their end I’m getting the following error:

	[20/05/16 09:38:19:706 EDT] DEBUG saml.SAMLResponseVerifier: Verify profile\ 
	[20/05/16 09:38:19:707 EDT] ERROR saml.SAMLResponseVerifier: Canonicalization algorithm:\ 
	[20/05/16 09:38:19:707 EDT] ERROR saml.SAMLResponseVerifier: Signature algorithm:\ 
	[20/05/16 09:38:19:707 EDT] DEBUG saml.SAMLResponseVerifier: Verify response signature\ 
	[20/05/16 09:38:19:707 EDT] ERROR saml.SAMLResponseVerifier: SAML signature profile validation has been failed\ 
	org.opensaml.xml.validation.ValidationException: Signature cannot be validated

Other SPs that we have that I do not need to setup as a relying party do not seem to be having any issues, any suggestions?

The only thing set for this SP in the relying party config is 

	<bean parent="SAML2.SSO" p:encryptAssertions="false" p:encryptNameIDs="false" />

  Mike Weyandt

More information about the users mailing list