Unable to decode incoming request

Tom Scavo trscavo at gmail.com
Tue Mar 13 12:19:28 EDT 2018

Hi Michael,

On Tue, Mar 13, 2018 at 11:43 AM, Michael Dahlberg <olgamirth at gmail.com> wrote:
> I've
> checked the X509 cert in their metadata and it looks good.  Are there any
> other reasons why the IdP would be unable to decode the request?

You don't give enough information for me to be sure but my guess is
that the IdP is rejecting a signature based on the SHA-1 digest
algorithm. The IdP software is configured to do this out-of-the-box, I

But the real question is why is the SP signing the request at all.
That is not typical, and in most cases, not necessary.

Hope this helps,


More information about the users mailing list