Validating SAML signatures

Max Spicer max.spicer at
Mon Nov 29 13:16:38 UTC 2021

I'm having issues with an SP that is signing AuthnRequests with a different
key to the one that they advertise in their metadata. SSO is not currently
broken as we have the correct key in our local copy of their metadata - one
that they advertised several years ago. I'm trying to persuade the SP that
they are advertising the wrong key, but am struggling with this.

I have verified that our IdP successfully validates the signature in the
authn requests when it has the correct key, and fails when given the "new"
key. Can anyone recommend a tool / process to reproduce these results
outside of the IdP?

I have tried but
unfortunately cannot get it to validate a signed authnrequest with the
correct key. Either the tool isn't working, or I don't know how to use it.


Max Spicer
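
One check that can be run outside the IdP, given here as an added example that is not part of the original post: compare the SHA-256 fingerprints of the signing certificates in the SP's published metadata with the certificate embedded in the signed AuthnRequest. It assumes the request carries an enveloped ds:Signature with an X509Certificate in its KeyInfo (typical of the HTTP-POST binding) and does not verify the signature value itself; all names and sample data are constructed.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # for untrusted XML prefer a hardened parser

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def fingerprint(b64_cert):
    """SHA-256 of the DER bytes; line breaks inside the base64 text are ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_fps(metadata_xml):
    """Certificates the SP advertises for signing (use="signing" or no use attribute)."""
    fps = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            fps.update(fingerprint(c.text) for c in kd.iterfind(CERT_PATH, NS))
    return fps

def request_cert_fps(request_xml):
    """Certificates embedded in the request's own top-level ds:Signature, if any."""
    root = ET.fromstring(request_xml)
    return {fingerprint(c.text) for c in root.iterfind("ds:Signature/" + CERT_PATH, NS)}

def compare(metadata_xml, request_xml):
    advertised, embedded = metadata_signing_fps(metadata_xml), request_cert_fps(request_xml)
    return {"advertised": sorted(advertised), "embedded": sorted(embedded),
            "match": bool(embedded) and embedded <= advertised}

# Constructed sample input: the base64 blobs are placeholders, not real certificates,
# and the ds:Signature is trimmed to its KeyInfo (no SignedInfo or SignatureValue).
IN_USE = base64.b64encode(b"constructed cert the SP signs with").decode()
ADVERTISED = base64.b64encode(b"constructed cert in published metadata").decode()
KEYINFO = "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
METADATA = ('<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}" entityID="https://sp.example.org">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing">{ki}</md:KeyDescriptor>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')
REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="{ds}" ID="_constructed">'
           '<ds:Signature>{ki}</ds:Signature></samlp:AuthnRequest>')

def sample(template, cert):
    return template.format(ki=KEYINFO.format(cert), **NS)

if __name__ == "__main__":
    result = compare(sample(METADATA, ADVERTISED), sample(REQUEST, IN_USE))
    print("advertised:", result["advertised"])
    print("embedded:  ", result["embedded"])
    print("match:", result["match"])
```

A request signed without an embedded certificate, or sent over HTTP-Redirect where the signature travels in the query string, yields an empty "embedded" list and needs a cryptographic verification instead.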