[IdP] "Signature Validation failed" error message
Forge component by Rui Barbosa
Published on 07 Oct 2020

Does anybody have any idea why the error below, "Signature validation Failed", occurs during Single Sign-Out in ADFS using rsa-sha1?

Rank: #110

Hi Jessica,

Did you configure the correct public certificate provided by your SP?



Rank: #212

Hi Jessica,

This is a common issue when the certificate provided by the other party (your federation server) has expired.

How to Fix:

- Reimport the certificate from the Service Provider

How to actually do it:

- The preferred way is to get the federation metadata and import it.

- Or just download or request a certificate from your federation authorities and import it.

Other items to check:

- Please note that the certificate of your IdP module is also subject to expiry. Do not forget to check the certificate's expiration date and send it to your federation provider to update the certificate.

Tips and links:
Default link to federation metadata: https://<hostname>/federationmetadata/2007-06/federationmetadata.xml (just replace the hostname with your federation provider's name and try)

How to get a certificate on the other side: https://support.knowledgeowl.com/help/adfs-sso-setup

Rank: #931

In the IdP, the expiry date is shown as 12-08-2026, and it seems not to be expired.

Rank: #110

I see your SAML message doesn't contain any SignedInfo, SignatureValue, Signature. Check out your IdP configuration.

Rank: #110

What do your "Accept Unsigned Logout Response" and "IdP Want Authn Signed" options look like?

Rank: #931

My setting is:

"IdP Want Authn Signed" = checked

"Accept Unsigned Logout Response" = checked

Rank: #110

Maybe unrelated... Do you have the SAML protocol binding for Single Logout set to HTTP-Redirect? Doesn't your IdP support HTTP-POST?

Rank: #931

It is using HTTP-POST. Thanks

Rank: #110

Oh, strange. Then why does it read the SAML message binding as HTTP-Redirect in the first attached image?
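
Added example (not part of the thread or of the IdP component's code): in the SAML HTTP-Redirect binding the message is DEFLATE-compressed and its signature travels in the `SigAlg` and `Signature` query parameters instead of a `ds:Signature` element, so the XML alone can look unsigned. The sketch below reports where a captured logout message carries its signature; the host `sp.example`, the sample message and the signature value are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

DSIG_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"

def describe(message_b64, query=None):
    """Report where a SAML message carries its signature.
    query: parsed query parameters (HTTP-Redirect) or None (HTTP-POST)."""
    redirect = query is not None
    raw = base64.b64decode(message_b64)
    if redirect:
        raw = zlib.decompress(raw, -15)  # Redirect binding uses raw DEFLATE
    # Diagnostic use on your own captures only; ElementTree is not hardened
    # against hostile XML (use defusedxml for untrusted input).
    root = ET.fromstring(raw)
    return {
        "binding": "HTTP-Redirect" if redirect else "HTTP-POST",
        "message": root.tag.rsplit("}", 1)[-1],
        "xml_signature": root.find(DSIG_SIGNATURE) is not None,
        "query_signature": redirect and "Signature" in query,
        "sig_alg": query.get("SigAlg", [None])[0] if redirect else None,
    }

def describe_redirect_url(url):
    """Inspect a captured HTTP-Redirect logout URL."""
    query = parse_qs(urlsplit(url).query)
    key = "SAMLResponse" if "SAMLResponse" in query else "SAMLRequest"
    return describe(query[key][0], query)

def sample_url():
    """Constructed LogoutResponse URL; host and signature are placeholders."""
    xml = (b'<samlp:LogoutResponse ID="_constructed" Version="2.0" '
           b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>')
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml) + deflater.flush()
    return "https://sp.example/slo?" + urlencode({
        "SAMLResponse": base64.b64encode(deflated).decode(),
        "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "Signature": "Q09OU1RSVUNURUQ=",  # placeholder, not a real signature
    })

if __name__ == "__main__":
    print(describe_redirect_url(sample_url()))
```

If `binding` comes back as HTTP-Redirect with `query_signature` true and `xml_signature` false, the validator has to check the query-string signature with the IdP's signing certificate; an HTTP-POST message with neither signature present really is unsigned.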