Unable to encrypt SAML Assertion in Identity Portal with Ping ID
Article ID: 425063

Updated On:

Products

CA Identity Suite CA Identity Portal

Issue/Introduction

The customer signs in to the Identity Portal with SAML SSO, using PingID as the identity provider (IdP).

Sign-in works as long as the assertion is sent unencrypted. When PingID is configured to encrypt the SAML assertion, the Identity Portal rejects the response and the following errors appear in the portal log:

2025-12-18 17:30:01,663 INFO  [stdout] (default task-17) [SIGMA APPENDER - FROM WEB] 2025-12-18 17:30:01,663 - INFO SAMLUtil - SAMLAuthentication Request Sent to IDP on the URL : https://xxx.domain.com/idp/SSO.saml2 using HTTP-POST method
2025-12-18 17:30:07,689 ERROR [org.opensaml.security.SAMLSignatureProfileValidator] (default task-17) SignableSAMLObject does not have a cached DOM Element.
2025-12-18 17:30:07,691 INFO  [stdout] (default task-17) [SIGMA APPENDER - FROM WEB] 2025-12-18 17:30:07,689 - ERROR im.AuthenticationModule.SAML - Signature verification failed.
2025-12-18 17:30:07,691 INFO  [stdout] (default task-17) org.opensaml.xml.validation.ValidationException: SignableSAMLObject does not have a cached DOM Element.

How do we solve this problem?

Environment

Identity Portal v14.5

Resolution

The error is raised by OpenSAML's signature profile validator (SAMLSignatureProfileValidator), which requires the DOM element the assertion was parsed from. After the encrypted assertion is decrypted, that element is not attached to the decrypted assertion object, so validation fails before the signature itself is checked and the assertion is rejected. Disabling assertion encryption on the PingID side restores sign-in, as noted above, but only as a temporary workaround; the actual fix is available as a hotfix for Identity Portal 14.5. To obtain it, contact Broadcom Support and reference this article.

HotFix file:
HF_IP-14.5.0-20260220140226-SAML_ENCRYPTION_FIX.tgz.gpg
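When verifying the configuration before and after applying the hotfix, it helps to look at what PingID actually posts to the portal. The script below is an added diagnostic, not part of this article or of the Identity Portal product: it takes the base64 SAMLResponse form field from the HTTP-POST binding (captured in the browser's developer tools or a SAML tracer), decodes it, and reports whether the response carries a plaintext Assertion or an EncryptedAssertion, which data and key-transport algorithms are used, and where signatures sit. The inner signature of an encrypted assertion is not visible without decrypting, which is exactly the step at which the portal's error occurs, so for an encrypted response the report can only show the outer structure. The two sample responses are constructed for illustration; the issuer URL and IDs are placeholders.

```python
import base64
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 responses.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}


def inspect_saml_response(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding) and summarise its structure.

    Note: xml.etree does not fetch external entities, but for responses from an
    untrusted source prefer defusedxml; this is meant for a captured response
    from your own IdP.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response element: %s" % root.tag)

    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    report = {
        "issuer": (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip(),
        "assertions": len(plain),
        "encrypted_assertions": len(encrypted),
        # A signature directly under samlp:Response covers the whole message.
        "response_signed": root.find("ds:Signature", NS) is not None,
        # A signature under a plaintext saml:Assertion is visible; the signature of an
        # encrypted assertion is inside the ciphertext and cannot be seen here.
        "assertion_signed": any(a.find("ds:Signature", NS) is not None for a in plain),
        "encryption": [],
    }
    for enc in encrypted:
        data_method = enc.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
        # The EncryptedKey may sit inside ds:KeyInfo or beside EncryptedData; search both.
        key_method = enc.find(".//xenc:EncryptedKey/xenc:EncryptionMethod", NS)
        report["encryption"].append({
            "data_algorithm": data_method.get("Algorithm") if data_method is not None else None,
            "key_algorithm": key_method.get("Algorithm") if key_method is not None else None,
        })
    return report


# --- Constructed sample responses (placeholder issuer, IDs and ciphertext) ---
_HEAD = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
    'ID="_resp1" Version="2.0" IssueInstant="2025-12-18T17:30:05Z">'
    "<saml:Issuer>https://idp.example.com</saml:Issuer>"
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
)
PLAIN_RESPONSE_XML = _HEAD + (
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-12-18T17:30:05Z">'
    "<saml:Issuer>https://idp.example.com</saml:Issuer>"
    "<ds:Signature><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>"
    "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
    "</saml:Assertion></samlp:Response>"
)
ENCRYPTED_RESPONSE_XML = _HEAD + (
    "<saml:EncryptedAssertion>"
    '<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">'
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>'
    "<ds:KeyInfo><xenc:EncryptedKey>"
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>'
    "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
    "</xenc:EncryptedKey></ds:KeyInfo>"
    "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
    "</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>"
)
PLAIN_RESPONSE_B64 = base64.b64encode(PLAIN_RESPONSE_XML.encode()).decode()
ENCRYPTED_RESPONSE_B64 = base64.b64encode(ENCRYPTED_RESPONSE_XML.encode()).decode()

if __name__ == "__main__":
    for label, b64 in (("plain", PLAIN_RESPONSE_B64), ("encrypted", ENCRYPTED_RESPONSE_B64)):
        print(label, inspect_saml_response(b64))
```

Run it against a real capture by passing the SAMLResponse value to inspect_saml_response. A report with encrypted_assertions equal to 1 and assertions equal to 0 confirms that PingID is encrypting the assertion, which is the configuration that triggers the "SignableSAMLObject does not have a cached DOM Element" error on an unpatched Identity Portal 14.5.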