How to Validate a Signed SAML Request

    Applies to:
      • Legacy SecureAuth IdP
    Deployment model:
      • On Premises
    SecureAuth IdP Version Affected: All versions

    Description: This guide explains how to validate a signed SAML request. A common error message you may see is:

    SAMLRequest Failed signature verficationError: at MFC.WebApp.SecureAuth.SAML20SPInitPost.ReceiveAuthnRequest(AuthnRequest& authnRequest, String& relayState) at MFC.WebApp.SecureAuth.SAML20SPInitPost.Page_Load(Object sender, EventArgs e)

    Cause:  The public certificate of the service provider is missing from the IdP configuration.

    Resolution: Add the service provider's base64-encoded public certificate to the IdP configuration.

    1. Go to the Admin Panel
    2. Navigate to the Post Auth tab
    3. Ensure that "Authenticated User Redirect" is set to "SAML 2.0 (SP Initiated by Post) Assertion". Signed SAML requests are only supported by POST (unless you are at or above the versions listed in Special Considerations).
    4. Add the base64-encoded public certificate in the ACS/SAMLRequest Certificate box.
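
Before pasting the value in step 4, it helps to confirm that it is the service provider's signing certificate and that it is intact. The following Python sketch is an added example, not SecureAuth code: it assumes the certificate is taken from the service provider's SAML metadata file, and the sample metadata, entity ID, and function names are constructed for illustration.

```python
import base64, binascii, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata. The X509Certificate values are tiny DER
# placeholders (not real certificates) so the example runs offline.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MAMC
        AQE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MAMCAQI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def normalize_cert(text):
    """Return (single-line base64, SHA-256 hex of the DER) or raise ValueError."""
    b64 = "".join(re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text).split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    # A DER certificate is one SEQUENCE (tag 0x30) whose length spans the blob.
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        raise ValueError("decoded data is not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")
    return b64, hashlib.sha256(der).hexdigest()

def signing_certs(metadata_xml):
    """Certificates from KeyDescriptors usable for signing (use absent or 'signing')."""
    root = ET.fromstring(metadata_xml)  # assumes a trusted, locally saved file
    found = []
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            found += [normalize_cert(c.text or "")
                      for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return found

if __name__ == "__main__":
    print(signing_certs(SAMPLE_METADATA))
```

Compare the printed SHA-256 fingerprint with the one the service provider's owner reports for their signing certificate. A copy that is truncated or carries trailing data raises `ValueError` instead of producing a value to paste.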

     

    Special Considerations: Step 3 can be skipped if you are at one of these versions or above.

    v9.3.0-Hotfix16
    v19.07.01-Hotfix8
    v20.06+

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
