戻る
-
タイトル
SSO not working for SAML web application, Could not check the signature: The received certificate signature is not valid. -
説明
The application was configured for ADFS SSO using the documentation provided by the vendor, however whenever a user tries an SSO login they get an error saying they don't have permission to the application.
The service provider (SP) may also report that they are seeing the following or similar in their logs:
Could not check the signature: The received certificate signature is not valid
-
原因
This application doesn't work with the default SAML token signature setting that CAM uses -
対策
We have an option called samltoken.signature that has these three options:- MessageOnly - Sign the outer message
- AssertionOnly - Sign the assertion element
- MessageAndAssertion - Sign both the outer message and the assertion element.
The default is MessageOnly.
Here is our documentation regarding this option:
RESOLUTION 1:
1 - To fix the issue, in CAM go into the 'token settings' configuration for the application and change the value of samltoken.signature to 'MessageAndAssertion'.
Once that setting is changed the configuration recommended by the vendor should work.