getting error: Neither the SAML assertion nor response is signed in samlServiceProvider.ReceiveSsoAsync

Hi all,

I am implementing a Net Core 3.1 SP and using the example IDP as the provider. I have run the example SP and it works OK to the IDP.
I suspect I have a configuration issue in my SP but can’t work out what it could be. I have compared the example SP appsettings to mine and they look the same (different ports though).
I am able to authenticate to the IDP but the response has some issues when AssertionConsumerService is called, specifically when samlServiceProvider.ReceiveSsoAsync is called.

Here are the details of the error from the debug output:

ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: Receiving a SAML message over HTTP-Post.
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: HTTPS request:
POST /SAML/AssertionConsumerService HTTP/2.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-AU,en;q=0.9
Cache-Control: max-age=0
Connection: close
Content-Length: 3386
Content-Type: application/x-www-form-urlencoded
Cookie: .AspNetCore.Antiforgery.uBizuLQslAs=CfDJ8AAhJRI4GF9ElLbNuTCVsL9AZ_erAyH4FR6nfTpyodPnmJVVQ0TG-nD0tJ4T3FWNbaJ675317DkP9UiTMPwrH5xFvo5JuBYlNwQs6jSXYZ5kIh15CEFEC0APtywbDfKXY3EI-sz9BMIrhPWPmKTVaQ4; .AspNetCore.Antiforgery.VrkCXwPmO48=CfDJ8AAhJRI4GF9ElLbNuTCVsL_HkiezocH-fUrYPpGguLFSBgsme99sn6-wxrDn9RecFNGc29SRVjk-xyw2kmArtWo05ukowjr2u6aQzVs8OoqGphxL2iTGOSngUpBHbtgm0OBXM0zmO9WUs2sDvJk6TlQ; saml-session=184dc609-42df-4699-9117-2fbea367cf26; .AspNetCore.Antiforgery.FksgP3xR7Fo=CfDJ8AAhJRI4GF9ElLbNuTCVsL8-6ypBAuqEfWeuqTi5LfdIHCuuYIi46mwtY4Bv5kgtrOsa8XOSARnMwr1VjiSY7LapnZenHnj6GYAezIfaNp7qa4MXh-r9Pk3wNsytBkl_92LGCl3ZCa8HJDCm2Vb2kf0; .AspNetCore.Antiforgery.HLo2PKqf_lk=CfDJ8AAhJRI4GF9ElLbNuTCVsL_1ukP5IVXNjNcluqdmXsBrf_JDjJUD8c6xSBjxgw5g37in1Ow0wuYTE7vAxNuLcjOpKh5nmmLuwhPsySj5F8ZyBapzMLAWxAjajqtG7_TQfAIguDyCsh6IdjC9yeMkv-4; ExampleServiceProvider.Identity=CfDJ8AAhJRI4GF9ElLbNuTCVsL9Bj49ARlwSXVKj6IAhndRzCqcPYfWEt-mufpSJLM3BciXJJKgdohKc_moCQoSfrrMx2mCQgd99qxax649-5lHSpFDbQ9yiUXMrGsv6IWtB0DWYblfCWfALAkxSp0UGAFxrhtkSxhdI8zSzyc0-yL7LU8Rg08QZBYvWX_ncR9CQY_Io-WSELxHX2vY_rj5pvyhuGciIedkPD7sveUydte19q-ACNh9myEgmdZNuebFpci91V7qN5Y2yWbr2uPl3lXZRFG03ocfi9QGVF0lJEBwf6tfhAazm1RPAmFBvIr5hHO5Gk-J4G5es__FDgzFkGZ8hvA9xp9asbzhbYO4pt0xpNHT7DOeDXwq6WaM9NG2cuz7FzmPPkXfeRkgDwN5PHOAo-KwmZnPCGK5SZ3Sju1BWL7e3PJGfLR1gNf9A-6kOTHQtXRxvLC_B5xObeNakP3FMYJudxDuirRIXn83o5jzH90Ox9cnsRkYzuVkrsy-6j6ji0qniaTbKHlfEvZIYUtHaRoQdi-sN8iq0I3yrKu1Y8jEF8ij2LQeICVBKA-gHbzzG6zzCAZZiLvFE-p5j98twAbVS5nHPhE13SjoXreoaQBcvWp_E2dRelEvFEHVrNJZN5QOcLmPzKTzwlTHmopYijc1UJcDFYqd0rJX-bI3yz8PzLBMG2OtmrW-6rG0LTJjI6ZgqQN8YsCH1whEX4-pnR-H9DQ0ezOtmBGGFBisFswvP3i7WEioYGr5p3EqthHgiBmUXVJCFnh3YpWKTo-G9LC6Oqwz8WISVuHXHjv9tp0r6I6a0MIt2up_ejsj35TTRYrSLuRrn2FR1dv0W7fW0Ff2IyA1qx5zrdXqTa0a2waT0YKILxESdfViPBHtcLPe1iMlgJt_QZbIUNSv5JZuRThZ1HiTm2fNblrfkNP_SnLt4WxzBHBXJhuNikEGz_A; ExampleIdentityProvider.Identity=CfDJ8AAhJRI4GF9ElLbNuTCVsL-5Oj2uuwaISUcRerrqZu7Icv-_w1tjOO1FygZOV4V05ql_Z4hfeAJzJQrT7uBL6xSzUcWnasC1C9kD7RcL7ZTD-xOMKqvwqnjxPpRSDo55_p1xC37uy6u-xgeBj2n-Ng1NFi2TY5iDjSB5YZwEWaNCccKdnT0_Lb1YDNpL4WT-7aV7bSvTgs4MM_cNBg0o5nzXtrTjOB7wQTFMHuSWUdUlb37uO9nqpVZy8hz0jljLeoB_HZNun-B5ZPaA7BUoOiFLd7ODk7JgnrlwUkStkWWqrSNPIcVhlvFOmOSQyNO29yXrvYnFTWyxHfVhAp7mXZy25f5vboCLOJ4VN16ralZ0YMCvVjET_bCKYbDgSiJ5NJdgsbmB0MGLeAEspasbLv-lUS9JhSOXYv88KVgoFjCjLR22ZiuICNYwlejlOiRFLIWfBPoAbO0nIN6VwJkeFVOn2vhsGqJmJKnvan3OJBmKefAsYvFz5EmPzTttqXdEnpDmZmLVuHTiisVF9MYGZMQ6cUzLCb8k6Sl9-AFIzT4AP6_UJllCR00dBGt_WPEIiAm-yz1gBQ7QWAVOPRKQgQxsLx2S_zihf_64qe64KFXMF4TBXQjMpaZZgXEuzFXKgS_n3WVjiVjkQqwHFZ9q0Ikv1NLWIEsRe7k7bdf0afKn2mhqB6yb01tjA_fBFMGHUXMTEmIsVMo4B9_XxbuKAMqSY2XonrMMMbYjmQ4Lmlj9mLG8oRgnhy0FnNU9HmbJt3N3s50MbiUJHtuofTwRAxGLncSiC9PknXL8Hq45yXIyc-AGDfOTbpjeDyDeG7m_6vnHyuYjnWyVMI7obfv6-4VhC7J07xfPXFpqBl2GtHOndva2Y87TcpK82n-fv3TdFYTwsdyjuo_d9Pzk6uk3CHjQEbo8g0K7o_Y73N_Zcxe1DiEZsHiCxgNjDPJKGHEr_cXlf00fdJ6waMukHiQNE6s
Host: localhost:44375
Referer: https://localhost:44313/SAML/SingleSignOnService?SAMLRequest=fZJfT8IwFMW%2FytL3uboNGA0s4Y%2FGJSgLmz74Ysq4QpPSzt4O9dtbNjT4AC99OLnnnt896Qj5XtZs0tidWsFHA2i9bD4mb%2Bt%2BEoecR%2F4wcU9Mk8Tn%2FWHPH9B1RBOIBhGPiPcCBoVWYxLeUOJliA1kCi1X1kk0pD5NfBqXtMd6QxaGr8SbuwShuG1dO2trZEEgdcXlTqNlcRzdRkExeVwEhVBbCYXYqqUqwBxEBcS716aClnZM3rlEJ2WYc0RxgD8lN9rqSsupUBu3ZEwao5jmKJApvgdktmLHCOao2bobQvZQlrmfL4uSeBNEMEfEmVbY7MGc8p9XiwvQg14HfclJvK%2B9VMjauq8D1Sd6ko6O06xt1Zz5r9tdFx0BSX9J79RWKJjDutlOi%2FhE5Eo6iA2YUXCW0kXW7Mmtzea5lqL69iZS6s%2BZAW5dxdY07pgg7Wz%2Ff076Aw%3D%3D&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=F14oJEyP40rVKU5SUtcKt4q7y6h9vYCGn8fZlDaViF9wvFexyPoz7Cn92rgHwFPGeIR002S9RPWShnP2cg7hZlWD8ppV8ir%2F9r3rTkjx8O1koWsxgMPHssz2oXSxFUw6Ly5ji0WMdWOGnPxcIbpligAkXeBP0U04wUQc103B7wHv8wnubhRup33eEFuhPApkzTNhLdPDh02c7P%2FWeNv1OwbhztZFa663CtJ60ciOcR5Cv4EoJu%2BMZ9mL%2Bje06N1zHovmT4bPaGzXx%2B5WhCIxnAC3dgKXGugP6bI671qlRNfOr2LEB16HMVy2XptnXGwdTK4eBrFsFmSGyRCGOaxmUQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
upgrade-insecure-requests: 1
origin: https://localhost:44313
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document

SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfZTk5NDAyNDMtM2U1Yi00NzgxLThmNTItNDhhZjU4OTYyMmEzIiBJblJlc3BvbnNlVG89Il9iNjg0MmFhMy05OGEzLTQwODgtYTY5NS03MGIzMDhlMzczYTMiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIwLTA4LTA0VDA1OjU5OjIyWiIgRGVzdGluYXRpb249Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzc1L1NBTUwvQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cHM6Ly9FeGFtcGxlSWRlbnRpdHlQcm92aWRlcjwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBWZXJzaW9uPSIyLjAiIElEPSJfNTA1MDM2MjItOTgzYy00YzM0LTg1NTQtN2I5YjhmYTkxZTA3IiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDgtMDRUMDU6NTk6MjJaIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9FeGFtcGxlSWRlbnRpdHlQcm92aWRlcjwvc2FtbDpJc3N1ZXI+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+c2NyaW0uZ29yZG9uQGdtYWlsLmNvbTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wOC0wNFQwNjowMjoyMloiIFJlY2lwaWVudD0iaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNzUvU0FNTC9Bc3NlcnRpb25Db25zdW1lclNlcnZpY2UiIEluUmVzcG9uc2VUbz0iX2I2ODQyYWEzLTk4YTMtNDA4OC1hNjk1LTcwYjMwOGUzNzNhMyIgLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMC0wOC0wNFQwNTo1NjoyMloiIE5vdE9uT3JBZnRlcj0iMjAyMC0wOC0wNFQwNjowMjoyMloiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9FbmdpbmVEZWJ1Z0JTNFNlcnZpY2VQcm92aWRlcjwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjAtMDgtMDRUMDU6NTk6MjJaIiBTZXNzaW9uSW5kZXg9Il81MDUwMzYyMi05ODNjLTRjMzQtODU1NC03YjliOGZhOTFlMDciPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3Nlczp1bnNwZWNpZmllZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2VtYWlsYWRkcmVzcyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5zY3JpbS5nb3Jkb25AZ21haWwuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2dpdmVubmFtZSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5Hb3Jkb248L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvc3VybmFtZSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5TY3JpbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==&RelayState=/
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: Parsing the HTTP post data.
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: Retrieved parameter SAMLResponse: PHNhbWxwOlJlc3BvbnNlIElEPSJfZTk5NDAyNDMtM2U1Yi00NzgxLThmNTItNDhhZjU4OTYyMmEzIiBJblJlc3BvbnNlVG89Il9iNjg0MmFhMy05OGEzLTQwODgtYTY5NS03MGIzMDhlMzczYTMiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIwLTA4LTA0VDA1OjU5OjIyWiIgRGVzdGluYXRpb249Imh0dHBzOi8vbG9jYWxob3N0OjQ0Mzc1L1NBTUwvQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cHM6Ly9FeGFtcGxlSWRlbnRpdHlQcm92aWRlcjwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBWZXJzaW9uPSIyLjAiIElEPSJfNTA1MDM2MjItOTgzYy00YzM0LTg1NTQtN2I5YjhmYTkxZTA3IiBJc3N1ZUluc3RhbnQ9IjIwMjAtMDgtMDRUMDU6NTk6MjJaIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9FeGFtcGxlSWRlbnRpdHlQcm92aWRlcjwvc2FtbDpJc3N1ZXI+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQ+c2NyaW0uZ29yZG9uQGdtYWlsLmNvbTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wOC0wNFQwNjowMjoyMloiIFJlY2lwaWVudD0iaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNzUvU0FNTC9Bc3NlcnRpb25Db25zdW1lclNlcnZpY2UiIEluUmVzcG9uc2VUbz0iX2I2ODQyYWEzLTk4YTMtNDA4OC1hNjk1LTcwYjMwOGUzNzNhMyIgLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMC0wOC0wNFQwNTo1NjoyMloiIE5vdE9uT3JBZnRlcj0iMjAyMC0wOC0wNFQwNjowMjoyMloiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9FbmdpbmVEZWJ1Z0JTNFNlcnZpY2VQcm92aWRlcjwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjAtMDgtMDRUMDU6NTk6MjJaIiBTZXNzaW9uSW5kZXg9Il81MDUwMzYyMi05ODNjLTRjMzQtODU1NC03YjliOGZhOTFlMDciPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3Nlczp1bnNwZWNpZmllZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2VtYWlsYWRkcmVzcyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5zY3JpbS5nb3Jkb25AZ21haWwuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2dpdmVubmFtZSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5Hb3Jkb248L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvc3VybmFtZSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5TY3JpbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: Retrieved parameter RelayState: /
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: SAML response: <samlp:Response ID=“_e9940243-3e5b-4781-8f52-48af589622a3” InResponseTo=“_b6842aa3-98a3-4088-a695-70b308e373a3” Version=“2.0” IssueInstant=“2020-08-04T05:59:22Z” Destination=“<a href=“https://localhost:44375/SAML/AssertionConsumerService””>https://localhost:44375/SAML/AssertionConsumerService" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://ExampleIdentityProvider</saml:Issuer>samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status><saml:Assertion Version=“2.0” ID=“_50503622-983c-4c34-8554-7b9b8fa91e07” IssueInstant=“2020-08-04T05:59:22Z” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>saml:Issuerhttps://ExampleIdentityProvider</saml:Issuer>saml:Subjectsaml:NameIDscrim.gordon@gmail.com</saml:NameID><saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><saml:SubjectConfirmationData NotOnOrAfter=“2020-08-04T06:02:22Z” Recipient=“<a href=“https://localhost:44375/SAML/AssertionConsumerService””>https://localhost:44375/SAML/AssertionConsumerService" InResponseTo=“_b6842aa3-98a3-4088-a695-70b308e373a3” /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=“2020-08-04T05:56:22Z” NotOnOrAfter=“2020-08-04T06:02:22Z”>saml:AudienceRestrictionsaml:Audiencehttps://EngineDebugBS4ServiceProvider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=“2020-08-04T05:59:22Z” SessionIndex=“_50503622-983c-4c34-8554-7b9b8fa91e07”>saml:AuthnContextsaml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>saml:AttributeStatement<saml:Attribute Name=“saml:AttributeValue"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress”><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=“<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“”>http://www.w3.org/2001/XMLSchema-instance">scrim.gordon@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“saml:AttributeValue"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname”><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=“<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Gordon</saml:AttributeValue></saml:Attribute>saml:Attribute"http://www.w3.org/2001/XMLSchema-instance”>Gordon</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“saml:AttributeValue"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname”><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=“<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Scrim</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>”>http://www.w3.org/2001/XMLSchema-instance">Scrim</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: Relay state: /
ComponentSpace.Saml2.Bindings.Post.HttpPostBinding: Debug: The SAML message has been received over HTTP-Post.
ComponentSpace.Saml2.SamlProvider: Debug: The XML validated against the SAML XML Schemas.
ComponentSpace.Saml2.SamlServiceProvider: Debug: The SAML response status is success.
ComponentSpace.Saml2.SamlServiceProvider: Error: Receiving an SSO response from a partner identity provider has failed.

ComponentSpace.Saml2.Exceptions.SamlSignatureException: Neither the SAML assertion nor response is signed.
at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem)
at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
Exception thrown: ‘ComponentSpace.Saml2.Exceptions.SamlSignatureException’ in System.Private.CoreLib.dll
Neither the SAML assertion nor response is signed.

I can see another error about “Receiving an SSO response…” but don’t undersatand this as if I look at the IDP my user is logged in OK.

Here is the contents of my appsettings.json on the SP:

“SAML”: {
“$schema”: “<a href=“https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",">https://www.componentspace.com/schemas/saml-config-schema-v1.0.json”,
“Configurations”: [
{
“LocalServiceProviderConfiguration”: {
“Name”: “<a href=“https://EngineDebugBS4ServiceProvider”,”>https://EngineDebugBS4ServiceProvider”,
“Description”: “Engine Debug BS4 Service Provider”,
“AssertionConsumerServiceUrl”: "<a href=“https://localhost:44375/SAML/AssertionConsumerService",">https://localhost:44375/SAML/AssertionConsumerService”,
“SingleLogoutServiceUrl”: "<a href=“https://localhost:44375/SAML/SingleLogoutService",">https://localhost:44375/SAML/SingleLogoutService”,
“ArtifactResolutionServiceUrl”: “<a href=“https://localhost:44375/SAML/ArtifactResolutionService",">https://localhost:44375/SAML/ArtifactResolutionService”,
“LocalCertificates”: [
{
“FileName”: “certificates/EngineDebugBS4.pfx”,
“Password”: “password”
}
]
},
“PartnerIdentityProviderConfigurations”: [
{
“Name”: “<a href=“https://ExampleIdentityProvider”,”>https://ExampleIdentityProvider”,
“Description”: “Example Identity Provider”,
“SignAuthnRequest”: true,
“SignLogoutRequest”: true,
“SignLogoutResponse”: true,
“WantLogoutRequestSigned”: true,
“WantLogoutResponseSigned”: true,
“SingleSignOnServiceUrl”: "<a href=“https://localhost:44313/SAML/SingleSignOnService",">https://localhost:44313/SAML/SingleSignOnService”,
“SingleLogoutServiceUrl”: "<a href=“https://localhost:44313/SAML/SingleLogoutService",">https://localhost:44313/SAML/SingleLogoutService”,
“ArtifactResolutionServiceUrl”: “<a href=“https://localhost:44313/SAML/ArtifactResolutionService",">https://localhost:44313/SAML/ArtifactResolutionService”,
“PartnerCertificates”: [
{
“FileName”: “certificates/idp.cer”
}
]
}
]
}
]
},
“PartnerName”: “<a href=“https://ExampleIdentityProvider””>https://ExampleIdentityProvider”

Any help most appreciated.

Gordon

Hi Gordon,

Thanks for including the section of SAML trace.

The service provider expects either the SAML response or the SAML assertion contained in the response to be signed. The SAML response you received has neither signed so we throw the exception you see.

In the SAML configuration for the ExampleIdentityProvider, update the PartnerServiceProviderConfiguration for your service provider to specify either SignSamlResponse or SignAssertion.

For example:


“PartnerServiceProviderConfigurations”: [
{
“Name”: “<a href=“https://ExampleServiceProvider”,”>https://ExampleServiceProvider",
“SignSamlResponse”: true,
},

You’re welcome.