All of a sudden one of my clients reported SSO pass-through issues.
idp.log:
ComponentSpace.SAML2 Verbose: 0 : 1864/41: 6/17/2020 3:28:08 PM: Retrieving the signature certificates for the partner identity provider http://sso.blah.net/adfs/services/trust.
ComponentSpace.SAML2 Verbose: 0 : 1864/41: 6/17/2020 3:28:08 PM: The X.509 certificate with subject name CN=ADFS Signing - sso.blah.net and serial number ########### has been retrieved from the cache.
ComponentSpace.SAML2 Verbose: 0 : 1864/41: 6/17/2020 3:28:08 PM: The X.509 certificate with subject name CN=ADFS Signing - sso.blah.net and serial number ########### is being used to verify the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 1864/41: 6/17/2020 3:28:08 PM: Verifying the XML signature.
ComponentSpace.SAML2 Verbose: 0 : 1864/41: 6/17/2020 3:28:08 PM: Failed to verify the XML signature.
App log: The SAML assertion signature failed to verify
Just want to get in front of any issue on my side.
My interpretation of the errors is the certificate that I have stored on my side no longer properly handshakes with the certificate on their side.
I’ve ask they confirm the serial number provided in my error log (the serial number / certificate saved in my application) and verify it matches what is coming from: http://sso.blah.net/adfs/services/trust.
Might be a common sense question that yes, this is what the issue is…
Just wanted to confirm and get thoughts in case it may be any other issue.
ComponentSpace.SAML2 2.8.8.0
It will almost certainly be a configuration mismatch of the partner certificate.
Please send the SAML log file as an email attachment to support@componentspace.com mentioning your post. We can take a look at the certificate embedded in the signature and compare it with the configured certificate.