After upgrading to 20.2.5 in a test environment, I cannot get SAML2 authentication working (was working prior to upgrade). The user assertion is posted and the browser receives a 302 redirect to the login page with the error "Error Authenticating: SAML Authentication Failed". In the sso logs, I see "Response is incorrectly signed" and similar messages. The sso/configuration/saml.properties, the metadata referenced in it, and keystore referenced in it seem to be correct. SsoConfig shows SAML2 authentication is enabled and has the same configuration as before the upgrade. I will attach a RemoteEngineer diagnostic.
Release : 20.2
Component : IM Reporting / Admin / Configuration
SSO is reporting that the signature in the IDP metadata XML it uses (the metadata file referenced in saml.properties) does not match the signature that the UserAssertion has been signed with.
Check whether the metadata file referenced in saml.properties has the correct signature that the IDP is using. The IDP may have changed it without a new metadata XML being exported from the IDP, copied to PC, and the SSO service restarted.