SAML2 not working after upgrade to 20.2


Article ID: 206191


Updated On:


CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps


After upgrading to 20.2.5 in a test environment, I cannot get SAML2 authentication working (was working prior to upgrade). The user assertion is posted and the browser receives a 302 redirect to the login page with the error "Error Authenticating: SAML Authentication Failed". In the sso logs, I see "Response is incorrectly signed" and similar messages. The sso/configuration/, the metadata referenced in it, and keystore referenced in it seem to be correct. SsoConfig shows SAML2 authentication is enabled and has the same configuration as before the upgrade. I will attach a RemoteEngineer diagnostic.


SSO is reporting that the signature in the IDP XML it uses (the metadata file) does not match the signature that the UserAssertion was signed with.


Release : 20.2

Component : IM Reporting / Admin / Configuration


Check whether the metadata file referenced in the SSO configuration has the correct signature that the IDP is using. The IDP may have changed it without anyone exporting a new metadata XML from the IDP, copying it to PC, and restarting the SSO service.
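One way to run that check offline is to compare the signing certificate in the metadata file with the certificate embedded in a captured SAML response. This is an added example, not part of the original article or the product's tooling. It assumes the IDP includes its certificate in the response's ds:KeyInfo; the function names are hypothetical and the sample bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    # SHA-256 of the decoded certificate bytes; base64 line breaks are ignored.
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def metadata_signing_fps(metadata_xml):
    """Certificates the metadata file trusts for signing (use="signing" or unset)."""
    found = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # skip encryption-only keys
            certs = kd.iterfind(".//ds:X509Certificate", NS)
            found |= {fingerprint(c.text) for c in certs if c.text}
    return found

def response_fps(response_xml):
    """Certificates embedded in ds:Signature/ds:KeyInfo (optional in SAML)."""
    certs = ET.fromstring(response_xml).iterfind(
        ".//ds:Signature//ds:X509Certificate", NS)
    return {fingerprint(c.text) for c in certs if c.text}

def compare(metadata_xml, response_xml):
    trusted, presented = metadata_signing_fps(metadata_xml), response_fps(response_xml)
    if not presented:
        return "unknown"  # no embedded certificate to compare against
    return "match" if presented & trusted else "mismatch"

# --- Constructed sample input: placeholder bytes stand in for DER certificates ---
def _keyinfo(raw):
    return ('<ds:KeyInfo xmlns:ds="%s"><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            % (NS["ds"], base64.b64encode(raw).decode()))

def sample_metadata(raw):
    return ('<md:EntityDescriptor xmlns:md="%s"><md:IDPSSODescriptor>'
            '<md:KeyDescriptor use="signing">%s</md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>' % (NS["md"], _keyinfo(raw)))

def sample_response(raw):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<ds:Signature xmlns:ds="%s">%s</ds:Signature></samlp:Response>'
            % (NS["ds"], _keyinfo(raw)))

if __name__ == "__main__":
    stale = sample_metadata(b"constructed-old-idp-cert")
    print(compare(stale, sample_response(b"constructed-new-idp-cert")))
```

A "mismatch" result points to a stale metadata file. A "match" only shows that the metadata trusts the certificate presented; it does not validate the signature itself.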