Simple signature validation

Steve Herrera sherrera at
Wed Oct 12 21:57:13 UTC 2022

This is the first SP that we have come across error messages like this.

2022-10-12 16:42:06,582 - WARN
- Message Handler:  Simple signature validation (with no request-derived
credentials) failed

2022-10-12 16:42:06,583 - WARN
- Message Handler:  Validation of request simple signature failed for
context issuer:

2022-10-12 16:42:06,583 - WARN
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:197] -
Profile Action WebFlowMessageHandlerAdaptor: Exception handling message

org.opensaml.messaging.handler.MessageHandlerException: Validation of
request simple signature failed for context issuer

I have searched the forum and one explanation was the certificate the SP
provided was incorrect from the metadata received. I reviewed that and it
is the same. I have the ability to configure the certificate that this SP
provides in their metadata and generated a new certificate. Same result. I
worked with their SAML techs and they made some minor changes on their end.
They said they are using OpenSAML 3.3.1

This is the error when going to the URL for the SP:

The request cannot be fulfilled because the message received does not meet
the security requirements of the login service.

The logon page is never displayed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list