SAML2 not working after upgrade to 20.2


Article ID: 206191


Updated On:


CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps


After upgrading to 20.2.5 in a test environment, I cannot get SAML2 authentication working (it was working prior to the upgrade). The user assertion is posted and the browser receives a 302 redirect to the login page with the error "Error Authenticating: SAML Authentication Failed". In the SSO logs, I see "Response is incorrectly signed" and similar messages. The sso/configuration/, the metadata referenced in it, and the keystore referenced in it seem to be correct. SsoConfig shows SAML2 authentication is enabled and has the same configuration as before the upgrade. I will attach a RemoteEngineer diagnostic.


Release : 20.2

Component : IM Reporting / Admin / Configuration


SSO is reporting that the signature in the IDP XML it uses (the metadata file) does not match the signature that the UserAssertion has been signed with.


Check to see if the metadata file pointed to in has the correct signature that the IDP is using. The IDP may have changed it without anyone exporting a new metadata XML from the IDP, copying it to PC, and restarting the SSO service.
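
One way to run this check offline, as an added example that is not part of the original article or the product: the Python sketch below compares SHA-256 fingerprints of the signing certificates listed in the IDP metadata with the certificate embedded in a captured SAML response. The function names are hypothetical and the sample XML and certificate bytes are constructed; it compares certificates only and does not validate the XML signature itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    """SHA-256 of the decoded certificate bytes; line breaks in the base64 are ignored."""
    der = base64.b64decode("".join((b64_text or "").split()))
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the IDP metadata offers for signing."""
    prints = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") == "signing":
            prints.update(fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS))
    return prints

def response_signing_fingerprints(response_xml):
    """Fingerprints of certificates embedded in the response's ds:Signature elements."""
    path = ".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    return {fingerprint(c.text) for c in ET.fromstring(response_xml).iterfind(path, NS)}

def check(metadata_xml, response_xml):
    """Diagnostic comparison only: reports whether the metadata is stale."""
    trusted = metadata_signing_fingerprints(metadata_xml)
    used = response_signing_fingerprints(response_xml)
    if not used:  # some IDPs omit KeyInfo; compare against the IDP's certificate by hand
        return "unknown: response carries no embedded certificate"
    return "match" if used <= trusted else "mismatch: export new metadata from the IDP"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD = base64.b64encode(b"constructed-old-idp-cert").decode()
NEW = base64.b64encode(b"constructed-new-idp-cert").decode()
METADATA = (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}">'
            f'<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{OLD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            f'</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(cert_b64):
    """Constructed minimal SAML response carrying only an embedded signing certificate."""
    return (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="{NS["ds"]}">'
            f'<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>')

if __name__ == "__main__":
    print(check(METADATA, sample_response(NEW)))  # IDP rotated its key, metadata is stale
```

A "mismatch" result corresponds to the situation described above: the IDP signs with a certificate that the metadata file on the SSO side does not contain.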