Invalid Signature error when configuring SAML2 with signing

book

Article ID: 125507

calendar_today

Updated On:

Products

CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration

Issue/Introduction

After setting up SAML2 with signing, the follwong error is seen in the PC_HOME/sso/logs/SsoService.log:

ERROR | qtp1649115615-37 | <timestamp> | common.sso.saml2.UserAssertionService 
| Receive StatusCode: urn:oasis:names:tc:SAML:2.0:status:Requester. Message: Invalid signature 

And login fails for SAML2 authenticated users.

Cause

There is a mismatch between the Metadata/Certificate information the IDP has from CA Performance Center

Environment

DxNetOps Performance Management

SAML2 authentication with signing

Resolution

Make sure the documentation is followed closely and the IDP has up to date Metadata from CA Performance Center (CAPC)

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/performance-management/20-2/administrating/single-sign-on/set-up-saml-2-0-support/saml-2-0-support-in-single-sign-on.html