Invalid Signature on SAML Response

  • Question

  • Hi,

    ADFS SSO was working.. and then it wasn't.

    All sites except Office365 are giving me Invalid Signature or bad signature response.

    What I've tried so far:

    ADPR server reinstall, ADFS basically reinstall, killed DB and recreated ADFS part. Set up everything again and yet still getting same error.

    All logging, etc. is turned on, can't really find anything useful.

    One maybe interesting warning which I get: Event ID 278 Source AD FS

    The SAML artifact resolution endpoint is not configured or it is disabled. 

    The artifact resolution service is not started. 

    User Action 
    If the artifact resolution service is required, use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.

    --- Though everything seems to be switched on, etc. Valid cert, server time is fine and all that.


    • Edited by Jakko Valgi Saturday, January 5, 2019 5:19 PM
    Saturday, January 5, 2019 3:38 PM

Answers

  • Hi,

    I think I just fixed it.

    Token-signing certificate and Token-decrypting certificates .. these were the ones which I replaced.

    Recreated Relying Party Trusts and done, works.

    Still wondering though, how did it work the whole time with these certs that I had there.

    • Marked as answer by Jakko Valgi Monday, January 7, 2019 8:08 PM
    Monday, January 7, 2019 8:27 AM
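
An added example, not part of the original thread: a relying party rejects a SAML response as "Invalid Signature" when the certificate that signed it is not one it has on file for the identity provider, so a quick diagnostic is to compare the two thumbprints. The function names and the sample XML below are constructed for illustration, and the placeholder bytes stand in for real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#", "md": "urn:oasis:names:tc:SAML:2.0:metadata"}

def thumbprint(b64_cert):
    """SHA-1 thumbprint of the DER bytes, the form Windows shows for a certificate."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha1(der).hexdigest().upper()

def response_thumbprints(response_xml):
    """Certificates embedded in ds:KeyInfo of the response or assertion signature."""
    root = ET.fromstring(response_xml)
    path = ".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    return {thumbprint(e.text) for e in root.iterfind(path, NS)}

def trusted_thumbprints(metadata_xml):
    """Signing certificates the relying party has on file for the IdP."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' means signing and encryption
            found |= {thumbprint(e.text) for e in kd.iterfind(".//ds:X509Certificate", NS)}
    return found

def compare(response_xml, metadata_xml):
    """Diagnostic only: real validation must use the configured certificate,
    never the one carried inside the message being checked."""
    sent, trusted = response_thumbprints(response_xml), trusted_thumbprints(metadata_xml)
    return {"sent": sent, "trusted": trusted, "match": bool(sent) and sent <= trusted}

# Constructed sample input: placeholder bytes stand in for real DER certificates.
OLD = base64.b64encode(b"constructed-old-token-signing-cert").decode()
NEW = base64.b64encode(b"constructed-new-token-signing-cert").decode()

def metadata(cert):
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}">'
            f'<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            f'</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

RESPONSE = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:ds="{NS["ds"]}"><ds:Signature><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{NEW}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            f'</ds:Signature></samlp:Response>')

if __name__ == "__main__":
    print(compare(RESPONSE, metadata(OLD))["match"], compare(RESPONSE, metadata(NEW))["match"])
```

With real data, the response is the base64-decoded SAMLResponse captured at the relying party, and the metadata is the copy of the AD FS federation metadata that the relying party imported.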

All replies