The application was configured for ADFS SSO using the documentation provided by the vendor, however whenever a user tries an SSO login they get an error saying they don't have permission to the application.
The service provider (SP) may also report that they are seeing the following or similar in their logs:
Could not check the signature: The received certificate signature is not valid
The default is MessageOnly.
Here is our documentation regarding this option:
1 - To fix the issue, in CAM go into the 'token settings' configuration for the application and change the value of samltoken.signature to 'MessageAndAssertion'.