[IdP] Error Processing SAML response

Forge Component
Published on 4 Jul by Telmo Martins
25 votes

Hello Mates, 

We're trying to connect to the IdP to establish an ADFS connection, but we are getting this error.

SAML_Response_Process.IsValid is always coming back false while the user data is retrieved successfully in UserData.




Any help is appreciated. 

Best Regards, 

Mohamed AlMokadem 

Hello Mohamed,

Based on the screen capture you shared, you are most probably facing this issue because the signature failed to validate. This may give you a hint to proceed in the right direction.

Junaid Ahmed Syed wrote:

Hello Mohamed,

Based on the screen capture you shared, you are most probably facing this issue because the signature failed to validate. This may give you a hint to proceed in the right direction.


Yeah, this could probably be the issue, but which signature failed here: the mapping of user claims or the network signature? I couldn't detect which signature and where it is.

Hi Mohamed,

Probably you did not configure the right certificate on the IdP connector (just in case, you can also confirm in the SAML messages log that the response XML actually has a Signature node).

On the IdP server settings configuration tab, you have to configure the certificate provided by your IdP server.

Regards

Telmo Martins wrote:

Hi Mohamed,

Probably you did not configure the right certificate on the IdP connector (just in case, you can also confirm in the SAML messages log that the response XML actually has a Signature node).

On the IdP server settings configuration tab, you have to configure the certificate provided by your IdP server.

Regards

Thank you for your reply Telmo. 


I don't know, but is it possible to return the right UserData from Active Directory while configuring the wrong certificate?

Here is the SAMLMessage returned; it might help.

Best Regards 

Solution

Hi,

The component by itself can retrieve it and knows how to do it regardless of the correct (or incorrect) certificate. But again, if the certificate that is configured is not the right one and causes signature verification to fail, then an error is thrown.

Regards

Telmo Martins wrote:

Hi,

The component by itself can retrieve it and knows how to do it regardless of the correct (or incorrect) certificate. But again, if the certificate that is configured is not the right one and causes signature verification to fail, then an error is thrown.

Regards

We did reconfigure the certificate again and it turns out it was the problem, as you said.


Thank you Telmo Martins
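
The two checks suggested in this thread (is there a Signature node in the logged response, and does the certificate match the configured one) can be scripted against a saved SAML message. This is an added example, not part of the thread or of the IdP component's code; `diagnose` is a hypothetical helper and the sample response uses constructed placeholder bytes in place of real DER certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def diagnose(response_xml, configured_cert_der):
    """Explain a likely validation failure. This does NOT verify the signature."""
    root = ET.fromstring(response_xml)  # intended for your own logged messages
    report = {"signed": [], "embedded_cert_sha256": None,
              "embedded_cert_matches": None, "attributes": {}}
    # A signature may sit on the Response, on the Assertion, or on both.
    if root.find("ds:Signature", NS) is not None:
        report["signed"].append("Response")
    if root.find("saml:Assertion/ds:Signature", NS) is not None:
        report["signed"].append("Assertion")
    # Compare the certificate the IdP embedded with the one configured locally.
    cert = root.find(".//ds:X509Certificate", NS)
    if cert is not None and cert.text:
        der = base64.b64decode("".join(cert.text.split()))
        report["embedded_cert_sha256"] = hashlib.sha256(der).hexdigest()
        report["embedded_cert_matches"] = der == configured_cert_der
    # Attributes parse whether or not the signature verifies, so populated
    # user data says nothing about whether the response can be trusted.
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        report["attributes"][attr.get("Name")] = values
    return report

# Constructed sample: placeholder bytes stand in for DER-encoded certificates.
IDP_CERT = b"constructed-idp-signing-cert"
STALE_CERT = b"constructed-old-cert"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Assertion>
    <ds:Signature><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(IDP_CERT).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(diagnose(SAMPLE, STALE_CERT))
```

A matching certificate only rules out the misconfiguration discussed here; the user data should still be used only when the component's own IsValid result is true.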