I’m having a hard time getting this operational in a new environment. I am running the identity provider and partner in the same environment, so there are a lot of moving parts and I’d appreciate some guidance as to where I should be looking because I don’t see any mention of this exception anywhere on the internet. I do have matching certificate files in the provider and partner directories and config files, and another member of the development team was able to get the interaction working on the old production servers, so I feel that I’m missing just this one piece of the puzzle at this point. Stacktrace, if helpful, follows. Thanks!
Line 28: // Receive the authn request from the service provider (SP-initiated SSO).
Line 29: SAMLIdentityProvider.ReceiveSSO(Request, out partnerSP);
Source File: [SSO provider dir]\SAML\SSOService.aspx.cs Line: 29
Stack Trace:
[SAMLSignatureException: The authn request isn’t signed.]
ComponentSpace.SAML2.InternalSAMLIdentityProvider.VerifyAuthnRequestSignature(HttpRequest httpRequest, XmlElement authnRequestElement, String signatureAlgorithm, String signature) +395
ComponentSpace.SAML2.InternalSAMLIdentityProvider.ProcessAuthnRequest(HttpRequest httpRequest, XmlElement authnRequestElement, String signatureAlgorithm, String signature, SSOOptions& ssoOptions) +25
ComponentSpace.SAML2.InternalSAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP, SSOOptions& ssoOptions) +322
ComponentSpace.SAML2.SAMLIdentityProvider.ReceiveSSO(HttpRequest httpRequest, String& partnerSP) +55
[SSO provider].SAML.SSOService.Page_Load(Object sender, EventArgs e) in [SSO provider dir]\SAML\SSOService.aspx.cs:29
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +51
System.Web.UI.Control.OnLoad(EventArgs e) +92
System.Web.UI.Control.LoadRecursive() +54
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +772
This exception occurs if the authn request isn’t signed but it’s expected to be signed.
In your SAML configuration (eg saml.config file) you must have WantAuthnRequestSigned set to true for the .
Change this to false and try again.
If you want the authn request signed then the partner service provider must be configured to do this.