Invalid Signature error when configuring SAML2 with signing

Article Id: 125507

Status: Published

Updated On: 30-01-2019 06:04

Products:

CA Infrastructure Management , CA Infrastructure Management , CA Performance Management - Usage and Administration , CA Performance Management - Data Polling

Issue/Introduction:

After setting up SAML2 with signing, the follwong error is seen in the PC_HOME/sso/logs/SsoService.log:

ERROR | qtp1649115615-37 | <timestamp> | common.sso.saml2.UserAssertionService
| Receive StatusCode: urn:oasis:names:tc:SAML:2.0:status:Requester. Message: Invalid signature

And login fails for SAML2 authenticated users.

Cause:

There is a mismatch between the Metadata/Certificate information the IDP has from CA Performance Center

Environment:

CA Performance Management

SAML2 authentication with signing

Resolution:

Make sure the documentation is followed closely and the IDP has up to date Metadata from CA Performance Center (CAPC)

Additional Information:

https://docops.ca.com/ca-performance-management/3-6/en/administrating/single-sign-on/set-up-saml-2-0-support