[IdP] "Signature Validation failed" error message

Forge Component
Published on 5 Jun by Leonardo Fernandes
43 votes
Published on 5 Jun by Leonardo Fernandes

Anybody have any ideas why the below error is made "Signature validation Failed" in the Single-Sign-Out in ADFS using rsa-sha1

Hi Jessica,

Did you configure the correct public certificate provided by your SP?



Hi Jessica,

This is a common issue, when: Certificate provided by other parties (your federation server) has expired. 

How to Fix:

- Reimport Certificate from Service Provider 

How to  do it actually: 

- The preferred way to get federation metadata and import it. 

- Or just download request a certificate from your federation authorities and import it.  

Other items to check: 

- Please note that your certificate of idP module, as well subject of expiring. Do not forget to check when is the certificate validity expiration date and send it to your Federation provider to update the certificate.

Tips and links:
Default link to federation metadata:  https://<hostname>/federationmetadata/2007-06/federationmetadata.xml  (just update hostname of you Federation provider name and try)

How to get a certificate on the other side: https://support.knowledgeowl.com/help/adfs-sso-setup

in IDP , the expired date is shown 12-08-2026 and seems not to be expired.

I see your SAML message doesn't contain any SignedInfo, SignatureValue, Signature. Check out your IdP configuration.

How does your "Accept Unsigned Logout Response" and "IdP Want Authn Signed" options look like?

my settting is : 

"IdP Want Authn Signed"  = checked

"Accept Unsigned Logout Response" = checked

Maybe unrelated.. Do you've SAML protocol for bind Single Logout set to HTTP-Redirect? Does your IdP doesn't support the HTTP-POST?

it is using http-post. Thanks

Oh strange, then why does it reads the Saml Message bind as HTTP-Redirect in the first attached image.