SAML2 authentication not working.

The user assertion is posted and the browser receives a 302 redirect to the login page with the error "Error Authenticating: SAML Authentication Failed". In the sso logs, I see "Response is incorrectly signed" and similar messages. The sso/configuration/saml.properties, the metadata referenced in it, and keystore referenced in it seem to be correct. SsoConfig shows SAML2 authentication is enabled and has the same configuration as before the upgrade.

Other messages might include We see "Signature verification failed", "Failure to validate signature", and "Assertion is incorrectly signed".

It's complaining the signature in the IDP XML being used by SSO (saml.properties metadata file) doesn't align to the signature that the UserAssertion has been signed with.

Check to see if the metadata file pointed to in saml.properties has the correct signature that the IDP is using. 

The IDP may have changed it, but they didn't export a new metadata XML from IDP and copy to Portal host and restart SSO service.