Signature trust establishment failed for metadata entry

Peter Schober peter.schober at
Mon Jun 29 11:22:10 UTC 2020

* Jehan Procaccia <jehan.procaccia at> [2020-06-29 08:26]:
> - EntityDescriptor 'recruitee' failed signature verification, removing from
> metadata provider
> Is there something I can workaround on my side or the service provider mess
> something in their metadata ?

If the signature is incorrect then SP would have to fix the signature
(or you'd have to remove the signature validation filter, throwing any
security out the window).

You can verify the signature outside of the IDP codebase using
e.g. XmlSecTool or xmlsec1 or samlsign, cf.


More information about the users mailing list