Good afternoon. We have a client trying to do an IDP Initiated Assertion to our CS Service that we have implemented with many other clients successfully. However, this client is using NetIQ and 2 certs, 1 for Signing and 1 for Encryption. Anytime we enable the Response Sign and Encryption to True it fails with the below:
“The SAML response isn’t signed.”
Any thoughts?
Is it possible within CS to allow 2 different certs as noted above?
Currently we don’t support separate signature and encryption certificates.
In most scenarios the same certificate is used for both.
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Also, please include your saml.config file with any passwords removed.