How to Validate a Signed SAML Request


SecureAuth IdP Version Affected:  All versions

Description: This guide explains how to validate a signed SAML request. A common error message you may see is:

SAMLRequest Failed signature verficationError: at MFC.WebApp.SecureAuth.SAML20SPInitPost.ReceiveAuthnRequest(AuthnRequest& authnRequest, String& relayState) at MFC.WebApp.SecureAuth.SAML20SPInitPost.Page_Load(Object sender, EventArgs e)

Cause:  The public certificate of the service provider is missing from the IdP configuration.

Resolution: Add the service provider's base64-encoded public certificate to the IdP configuration.

  1. Go to the Admin Panel
  2. Navigate to the Post Auth tab
  3. Ensure that the "Authenticated User Redirect" is set to "SAML 2.0 (SP Initiated by Post) Assertion". Currently, signed SAML requests are only supported by POST.
  4. Add the base64-encoded public certificate in the ACS/SAMLRequest Certificate box.
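
To see whether this cause applies, the check below compares the certificate a service provider embeds in a signed POST-binding SAMLRequest with the one pasted into the ACS/SAMLRequest Certificate box. It is an added example, not SecureAuth code; the function names and sample values are constructed for illustration, with placeholder bytes in place of real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace

def cert_fingerprint(cert_text):
    """SHA-256 of the decoded bytes of a PEM or bare base64 certificate."""
    lines = (line.strip() for line in cert_text.splitlines())
    body = "".join(line for line in lines if not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_request_cert(saml_request_b64, configured_cert):
    """Compare the certificate embedded in a POST-binding SAMLRequest with
    the configured one. Diagnostic only: no signature is verified here, and
    an embedded certificate must never be trusted for verification."""
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    sig = root.find(DS + "Signature")
    if sig is None:
        return "unsigned"
    embedded = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if embedded is None or not (embedded.text or "").strip():
        return "no-embedded-cert"
    if cert_fingerprint(embedded.text) == cert_fingerprint(configured_cert):
        return "match"
    return "mismatch"

# Constructed sample data: placeholder bytes stand in for DER certificates.
SP_CERT = base64.b64encode(b"constructed-sp-certificate").decode()
OTHER_CERT = base64.b64encode(b"constructed-other-certificate").decode()

def sample_request(cert_b64=None):
    """Constructed, minimal AuthnRequest encoded as in the HTTP-POST binding."""
    sig = ""
    if cert_b64:
        sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
               f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}"
               "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>")
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
           f' ID="_constructed" Version="2.0">{sig}</samlp:AuthnRequest>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    pem = f"-----BEGIN CERTIFICATE-----\n{SP_CERT}\n-----END CERTIFICATE-----"
    print(check_request_cert(sample_request(SP_CERT), pem))         # match
    print(check_request_cert(sample_request(OTHER_CERT), SP_CERT))  # mismatch
    print(check_request_cert(sample_request(), SP_CERT))            # unsigned
```

A "mismatch" or "no-embedded-cert" result means the configured certificate should be obtained again from the service provider rather than copied out of the request.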

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
