The SAML response signature failed to verify.

SAML for ASP.NET
1

I am getting this error randomly like every one / two days. if I change something in web.config file in service provider project/ then it will start working again but it again failed in next one or two days

what can be the problem here ?

[1/25/2021 2:11:43 AM] INFO[ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.
at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary& attributes, String& relayState)
at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e) in c:\inetpub\vhosts\httpdocs\SAML\AssertionConsumerService.aspx.cs:line 35]

2
[quote]
mayur4monto - 1/25/2021
I am getting this error randomly like every one / two days. if I change something in web.config file in service provider project/ then it will start working again but it again failed in next one or two days

what can be the problem here ?

[1/25/2021 2:11:43 AM] INFO[ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.
at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary& attributes, String& relayState)
at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e) in c:\inetpub\vhosts\httpdocs\SAML\AssertionConsumerService.aspx.cs:line 35]
[/quote]

11892/157: 1/25/2021 2:53:31 AM: Initiation of SSO to the partner identity provider hlx has completed successfully.
11892/145: 1/25/2021 2:53:32 AM: Receiving an SSO response from a partner identity provider.
11892/145: 1/25/2021 2:53:32 AM: Service provider session (e9c1a628-da66-4873-ae72-3fe9fa8fce09) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: hlx
Relay state:
In response to: _080f55aa-4657-48db-b3c9-76a1e13e6434

11892/145: 1/25/2021 2:53:32 AM: Receiving response over HTTP POST.
11892/145: 1/25/2021 2:53:32 AM: HTTPS request:
POST /SAML/AssertionConsumerService.aspx HTTP/1.1
Cache-Control: max-age=0
Connection: close
Content-Length: 6129
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: SAML_SessionId=e9c1a628-da66-4873-ae72-3fe9fa8fce09
Host: example.com
Referer: https://signon.example.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Edg/87.0.664.75
upgrade-insecure-requests: 1
origin: https://signon.example.com
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document

SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfMTk5ZjNhYjItMDgwZS00MGQwLWJkZDUtZjE3MGE4NjFhMmNlIiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIERlc3RpbmF0aW9uPSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BaGx4PC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48UmVmZXJlbmNlIFVSST0iI18xOTlmM2FiMi0wODBlLTQwZDAtYmRkNS1mMTcwYTg2MWEyY2UiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48SW5jbHVzaXZlTmFtZXNwYWNlcyBQcmVmaXhMaXN0PSIjZGVmYXVsdCBzYW1scCBzYW1sIGRzIHhzIHhzaSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM%2BPERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU%2BRExnOXFPWTdtM0dkcGlSc2FJU01MR1k2bkQyUEswVVRFU1h0N05sMk5LQT08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU%2BUWJyU1lKYnhYUnY4Vm1IckoxU3pZakNhM3VKckV5TWtRTGtYTDNrNlMrcFNyVkYxNWdjTC96YkF2U01DOTMwaUNmUXZJWEh6MWN3Q1lJS0EwOEdGYzBjNi8vRVR3VTlQZ0c2Z2tkYW8ycUJ6dkF0dWxrUE92Sy9pQlVYVkdzWWJVMnVZbVBvNEhiNnJSMzlrakpvbWpsSFlEQTVUVS81V0NIM3JyY1ladlBKM0ttMWNsZjdQc21ZZXpjaUhWcFNaMW9pS3VXOHJ1eG9qOG5Pcll1cFdKcUdqUHlLZlBTZC9yeHR4QURsYUlqOHIvMTdicWNLQ1A0Z0JGRlYreEJHcWs2WFF2QldLTFNreUZPTWl0MTEwaE1PQTd4YWxwR3o4cVovQ3pQNXdHTlI3dGZ6dWFuSGNKem1TUG9WSVd1eWgxakc5cEZWMVQrNVE2MHRSYTZGMC93PT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSURBVENDQWVtZ0F3SUJBZ0lRZFBEci9pSTFqYmhETVRqNVZZeWErVEFOQmdrcWhraUc5dzBCQVFzRkFEQVdNUlF3RWdZRFZRUURFd3QzZDNjdWFXUndMbU52YlRBZUZ3MHhNekV4TWpJd09ESXdOVEphRncwME9URXlNekV4TkRBd01EQmFNQll4RkRBU0JnTlZCQU1UQzNkM2R5NXBaSEF1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBaTBYSlJMRHJjYlN5cVVkOFhHNEJneE9iUU1ZTEFrRU5sbUpPc0FFcGwxeE1hYlVpcTFYNHYwRmM4WmFDcFVFM2ZGR0VOTUVXZ0JqblFVVUUwV3RWVWg1SlBNc3Vrb2xmOXFsamJKa0NrdkhYSDNPNFVlbjd2QTJvTlFXdDRiSzk2U3BYQURwWktGdnBrNEQ3YnRLT2dVL05hbWppcXdISTRmSThrRkpLd0tCSmNoUlBVUWRDNGxqUlJtR0lyU25wWSt0MjUvZDNLR1h3YmU5WjJNR0d5Mmh5QTB0Z09XdWNoSUsrMXZBS0tCVWg5bkRFWGZyODAreFc2ODB3NVRxSHlEY3FiV3ZRc1hYaEgweVpMZklOS05TNi9Jb2pIUHNCeTd0ZjM2Q2s5SDVQdysxUFB1Nk56QkZTejVaa0M4S3pyUzZ2dVpYYy9JbVlybmhlTVFzcXFRSURBUUFCbzBzd1NUQkhCZ05WSFFFRVFEQStnQkQ0ZFk0TUNQRW1HNHN4WnJjbmk4dnRvUmd3RmpFVU1CSUdBMVVFQXhNTGQzZDNMbWxrY0M1amIyMkNFSFR3Ni80aU5ZMjRRekU0K1ZXTW12a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmhhazJhUjg0TUNkeVhPNEFLT1F2Wnlic0NNZGhScTJpMWkwV2hENC94ZTdSeTVoYUM2VGVYSXA4UTRjQzNNenNyRGFsNzR4SEk3MTRCVzBsb2FmcEhBc1hmZDlFdmtLVFZhSisxWnBlMTYrU3NUTDR1cFMxY0d5ZGlncXdVenNkcEdjazR3STFtb0o5NDc3Tys0NklmMmdGMjd1OUNkazdPbnhlLzVkd0xJeFdta1ZSZGJRSUg1R3NLVWVBak9kUlFteStYMU1YNkt5Um9hQ3dXR1l3eGk1U2ErciszQXREdkQ0QlgwRUpHS0ZaZWVNM0oveU1wWWgvNzVhTjBjRlFmREVkSjdDNU5FMHZvbmlkRTBRdElGdnNvV3RaVXR1cjJmaVc3eUJ4c2UzOFRQUXNpMnI2QTZjL1Rac1o1YnEzMXloM2dyM2tTTjYySDhpVktMUUxBPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE%2BPC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXM%2BPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOklzc3Vlcj5obHg8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q%2BPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnBhY2s8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDEtMjVUMDc6NTY6MzEuNzM1WiIgUmVjaXBpZW50PSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIC8%2BPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24%2BPC9zYW1sOlN1YmplY3Q%2BPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjEtMDEtMjVUMDc6NTA6MzEuNzM1WiIgTm90T25PckFmdGVyPSIyMDIxLTAxLTI1VDA3OjU2OjMxLjczNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPHNhbWw6QXVkaWVuY2U%2BY2VxdWFzbGlkZXNzZXJ2aWNlcHJvdmlkZXI8L3NhbWw6QXVkaWVuY2U%2BPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPC9zYW1sOkNvbmRpdGlvbnM%2BPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIFNlc3Npb25JbmRleD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOnVuc3BlY2lmaWVkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idXNlcmlkICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj43MzM8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZmlyc3RuYW1lICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5QYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3RuYW1lICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5KYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U%2B
11892/145: 1/25/2021 2:53:32 AM: Form variable SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfMTk5ZjNhYjItMDgwZS00MGQwLWJkZDUtZjE3MGE4NjFhMmNlIiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIERlc3RpbmF0aW9uPSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aGx4PC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48UmVmZXJlbmNlIFVSST0iI18xOTlmM2FiMi0wODBlLTQwZDAtYmRkNS1mMTcwYTg2MWEyY2UiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48SW5jbHVzaXZlTmFtZXNwYWNlcyBQcmVmaXhMaXN0PSIjZGVmYXVsdCBzYW1scCBzYW1sIGRzIHhzIHhzaSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU+RExnOXFPWTdtM0dkcGlSc2FJU01MR1k2bkQyUEswVVRFU1h0N05sMk5LQT08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+UWJyU1lKYnhYUnY4Vm1IckoxU3pZakNhM3VKckV5TWtRTGtYTDNrNlMrcFNyVkYxNWdjTC96YkF2U01DOTMwaUNmUXZJWEh6MWN3Q1lJS0EwOEdGYzBjNi8vRVR3VTlQZ0c2Z2tkYW8ycUJ6dkF0dWxrUE92Sy9pQlVYVkdzWWJVMnVZbVBvNEhiNnJSMzlrakpvbWpsSFlEQTVUVS81V0NIM3JyY1ladlBKM0ttMWNsZjdQc21ZZXpjaUhWcFNaMW9pS3VXOHJ1eG9qOG5Pcll1cFdKcUdqUHlLZlBTZC9yeHR4QURsYUlqOHIvMTdicWNLQ1A0Z0JGRlYreEJHcWs2WFF2QldLTFNreUZPTWl0MTEwaE1PQTd4YWxwR3o4cVovQ3pQNXdHTlI3dGZ6dWFuSGNKem1TUG9WSVd1eWgxakc5cEZWMVQrNVE2MHRSYTZGMC93PT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSURBVENDQWVtZ0F3SUJBZ0lRZFBEci9pSTFqYmhETVRqNVZZeWErVEFOQmdrcWhraUc5dzBCQVFzRkFEQVdNUlF3RWdZRFZRUURFd3QzZDNjdWFXUndMbU52YlRBZUZ3MHhNekV4TWpJd09ESXdOVEphRncwME9URXlNekV4TkRBd01EQmFNQll4RkRBU0JnTlZCQU1UQzNkM2R5NXBaSEF1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBaTBYSlJMRHJjYlN5cVVkOFhHNEJneE9iUU1ZTEFrRU5sbUpPc0FFcGwxeE1hYlVpcTFYNHYwRmM4WmFDcFVFM2ZGR0VOTUVXZ0JqblFVVUUwV3RWVWg1SlBNc3Vrb2xmOXFsamJKa0NrdkhYSDNPNFVlbjd2QTJvTlFXdDRiSzk2U3BYQURwWktGdnBrNEQ3YnRLT2dVL05hbWppcXdISTRmSThrRkpLd0tCSmNoUlBVUWRDNGxqUlJtR0lyU25wWSt0MjUvZDNLR1h3YmU5WjJNR0d5Mmh5QTB0Z09XdWNoSUsrMXZBS0tCVWg5bkRFWGZyODAreFc2ODB3NVRxSHlEY3FiV3ZRc1hYaEgweVpMZklOS05TNi9Jb2pIUHNCeTd0ZjM2Q2s5SDVQdysxUFB1Nk56QkZTejVaa0M4S3pyUzZ2dVpYYy9JbVlybmhlTVFzcXFRSURBUUFCbzBzd1NUQkhCZ05WSFFFRVFEQStnQkQ0ZFk0TUNQRW1HNHN4WnJjbmk4dnRvUmd3RmpFVU1CSUdBMVVFQXhNTGQzZDNMbWxrY0M1amIyMkNFSFR3Ni80aU5ZMjRRekU0K1ZXTW12a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmhhazJhUjg0TUNkeVhPNEFLT1F2Wnlic0NNZGhScTJpMWkwV2hENC94ZTdSeTVoYUM2VGVYSXA4UTRjQzNNenNyRGFsNzR4SEk3MTRCVzBsb2FmcEhBc1hmZDlFdmtLVFZhSisxWnBlMTYrU3NUTDR1cFMxY0d5ZGlncXdVenNkcEdjazR3STFtb0o5NDc3Tys0NklmMmdGMjd1OUNkazdPbnhlLzVkd0xJeFdta1ZSZGJRSUg1R3NLVWVBak9kUlFteStYMU1YNkt5Um9hQ3dXR1l3eGk1U2ErciszQXREdkQ0QlgwRUpHS0ZaZWVNM0oveU1wWWgvNzVhTjBjRlFmREVkSjdDNU5FMHZvbmlkRTBRdElGdnNvV3RaVXR1cjJmaVc3eUJ4c2UzOFRQUXNpMnI2QTZjL1Rac1o1YnEzMXloM2dyM2tTTjYySDhpVktMUUxBPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOklzc3Vlcj5obHg8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnBhY2s8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDEtMjVUMDc6NTY6MzEuNzM1WiIgUmVjaXBpZW50PSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIC8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjEtMDEtMjVUMDc6NTA6MzEuNzM1WiIgTm90T25PckFmdGVyPSIyMDIxLTAxLTI1VDA3OjU2OjMxLjczNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+Y2VxdWFzbGlkZXNzZXJ2aWNlcHJvdmlkZXI8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIFNlc3Npb25JbmRleD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOnVuc3BlY2lmaWVkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idXNlcmlkICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj43MzM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZmlyc3RuYW1lICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5QYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3RuYW1lICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5KYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
11892/145: 1/25/2021 2:53:32 AM: The decoded base-64 string is: https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">hlxhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=hlxpackhttps://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" />cequaslidesserviceproviderurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiedhttp://www.w3.org/2001/XMLSchema" xmlns:xsi="733http://www.w3.org/2001/XMLSchema-instance">733<saml:Attribute Name="firstname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Packhttp://www.w3.org/2001/XMLSchema-instance">Pack<saml:Attribute Name="lastname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Jack">http://www.w3.org/2001/XMLSchema-instance">Jack
11892/145: 1/25/2021 2:53:32 AM: Received SAML message: https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">hlxhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=hlxpackhttps://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" />cequaslidesserviceproviderurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiedhttp://www.w3.org/2001/XMLSchema" xmlns:xsi="733http://www.w3.org/2001/XMLSchema-instance">733<saml:Attribute Name="firstname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Packhttp://www.w3.org/2001/XMLSchema-instance">Pack<saml:Attribute Name="lastname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Jack">http://www.w3.org/2001/XMLSchema-instance">Jack
11892/145: 1/25/2021 2:53:32 AM: Received response over HTTP POST, samlMessage=https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">hlxhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=hlxpackhttps://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" />cequaslidesserviceproviderurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiedhttp://www.w3.org/2001/XMLSchema" xmlns:xsi="733http://www.w3.org/2001/XMLSchema-instance">733<saml:Attribute Name="firstname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Packhttp://www.w3.org/2001/XMLSchema-instance">Pack<saml:Attribute Name="lastname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Jack,">http://www.w3.org/2001/XMLSchema-instance">Jack, relayState=
11892/145: 1/25/2021 2:53:32 AM: SAML message received: partner=hlx, message=https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">hlxhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=hlxpackhttps://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" />cequaslidesserviceproviderurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiedhttp://www.w3.org/2001/XMLSchema" xmlns:xsi="733http://www.w3.org/2001/XMLSchema-instance">733<saml:Attribute Name="firstname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Packhttp://www.w3.org/2001/XMLSchema-instance">Pack<saml:Attribute Name="lastname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Jack,">http://www.w3.org/2001/XMLSchema-instance">Jack, relay state=
11892/145: 1/25/2021 2:53:32 AM: Verifying the SAML response signature.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been retrieved from the cache.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Verifying the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Failed to verify the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Signed XML: https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">hlxhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=hlxpackhttps://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" />cequaslidesserviceproviderurn:oasis:names:tc:SAML:2.0:ac:classes:unspecifiedhttp://www.w3.org/2001/XMLSchema" xmlns:xsi="733http://www.w3.org/2001/XMLSchema-instance">733<saml:Attribute Name="firstname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Packhttp://www.w3.org/2001/XMLSchema-instance">Pack<saml:Attribute Name="lastname ">http://www.w3.org/2001/XMLSchema" xmlns:xsi="Jack.">http://www.w3.org/2001/XMLSchema-instance">Jack.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.
11892/145: 1/25/2021 2:53:32 AM: The verifying key type is RSACryptoServiceProvider.
11892/145: 1/25/2021 2:53:32 AM: The verifying key's associated cryptographic service provider is "".
11892/145: 1/25/2021 2:53:32 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.
3

It’s odd that this is an intermittent issue. It looks like there’s a certificate configuration mismatch which would be a persistent issue.

The log includes:

The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.

What this means is that the dexcom.hlxbureau.com certificate is configured in your SP to be used to verify signatures from the IdP. However, the www.idp.com certificate is embedded in the XML signature from the IdP.

Please ensure that the correct certificate is configured at the IdP and that this isn’t being changed.

4

Please see below log

both certificate are same still it says Failed to verify Signature

11892/190: 1/25/2021 12:18:31 AM: SAML message received: partner=hlx, message=<samlp:Response ID=“_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1” InResponseTo=“_d988320e-56e6-449d-b3b9-45f69e427539” Version=“2.0” IssueInstant=“2021-01-25T05:18:31.132Z” Destination=“<a href=“https://cequaslides.com/SAML/AssertionConsumerService.aspx””>https://cequaslides.com/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>hlx</saml:Issuer><Signature xmlns=“<CanonicalizationMethod”>http://www.w3.org/2000/09/xmldsig#“><CanonicalizationMethod Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” /><SignatureMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256” /><Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm=“<InclusiveNamespaces”>http://www.w3.org/2001/10/xml-exc-c14n#“><InclusiveNamespaces PrefixList=”#default samlp saml ds xs xsi" xmlns=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><DigestMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256" />SYZhtvoo6zHjSuAgXKIB3yblBVDqlKV4PFCVm5p8aYk=hOd3S1eTjg2tVAja5doRUcHmyamr38eTifzQiuyOjIejkrzQiU0Kom/DPuADOMAfYT9315cXviDC0z9o+rjpN1gzJfM7/pjM5ruZhi9zAcVGaY5yZhcdTxI7kZOLo+mtEVF+GRUSGrgOIzTmB0Gfn3uLwxzUb1at38QurN61JDP6b77KSQP0oRFRRgOcI8tWuhES6IVKICgDIq5TNqSgfEClHOW9bOz3Q3DQ5jZrLbAf/gcRxZ+d7PyeC5mKpOfDcboN4tbiQLRacNdqDKlIjX0GATcTaKMN9XNtAHorot7YHiRvOhYZYycnieM+8jWlAB+vd5Bjk6spmlQ4duaz+g==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status><saml:Assertion Version=“2.0” ID=“_63e1f317-2ec6-4fac-9e35-c11c1ed07be7” IssueInstant=“2021-01-25T05:18:31.132Z” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>saml:Issuerhlx</saml:Issuer>saml:Subject<saml:NameID Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”>pack</saml:NameID><saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><saml:SubjectConfirmationData NotOnOrAfter=“2021-01-25T05:21:31.132Z” Recipient=“<a href=“https://cequaslides.com/SAML/AssertionConsumerService.aspx””>https://cequaslides.com/SAML/AssertionConsumerService.aspx" InResponseTo=“_d988320e-56e6-449d-b3b9-45f69e427539” /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=“2021-01-25T05:15:31.132Z” NotOnOrAfter=“2021-01-25T05:21:31.132Z”>saml:AudienceRestrictionsaml:Audiencecequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=“2021-01-25T05:18:31.132Z” SessionIndex=“_63e1f317-2ec6-4fac-9e35-c11c1ed07be7”>saml:AuthnContextsaml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>saml:AttributeStatement<saml:Attribute Name=“userid “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“733</saml:AttributeValue></saml:Attribute>saml:Attribute"http://www.w3.org/2001/XMLSchema-instance”>733</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“firstname “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Pack</saml:AttributeValue></saml:Attribute>saml:Attribute"http://www.w3.org/2001/XMLSchema-instance”>Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“lastname “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>,”>http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>, relay state=
11892/190: 1/25/2021 12:18:31 AM: Verifying the SAML response signature.
11892/190: 1/25/2021 12:18:31 AM: Loading the X.509 certificate from the file C:\Inetpub\vhosts\cequaslides.com\httpdocs\Certificates\idp.cer.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been loaded.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been cached.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Verifying the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Failed to verify the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Signed XML: <samlp:Response ID=“_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1” InResponseTo=“_d988320e-56e6-449d-b3b9-45f69e427539” Version=“2.0” IssueInstant=“2021-01-25T05:18:31.132Z” Destination=“<a href=“https://cequaslides.com/SAML/AssertionConsumerService.aspx””>https://cequaslides.com/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>hlx</saml:Issuer><Signature xmlns=“<CanonicalizationMethod”>http://www.w3.org/2000/09/xmldsig#“><CanonicalizationMethod Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” /><SignatureMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256” /><Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm=“<InclusiveNamespaces”>http://www.w3.org/2001/10/xml-exc-c14n#“><InclusiveNamespaces PrefixList=”#default samlp saml ds xs xsi" xmlns=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><DigestMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256" />SYZhtvoo6zHjSuAgXKIB3yblBVDqlKV4PFCVm5p8aYk=hOd3S1eTjg2tVAja5doRUcHmyamr38eTifzQiuyOjIejkrzQiU0Kom/DPuADOMAfYT9315cXviDC0z9o+rjpN1gzJfM7/pjM5ruZhi9zAcVGaY5yZhcdTxI7kZOLo+mtEVF+GRUSGrgOIzTmB0Gfn3uLwxzUb1at38QurN61JDP6b77KSQP0oRFRRgOcI8tWuhES6IVKICgDIq5TNqSgfEClHOW9bOz3Q3DQ5jZrLbAf/gcRxZ+d7PyeC5mKpOfDcboN4tbiQLRacNdqDKlIjX0GATcTaKMN9XNtAHorot7YHiRvOhYZYycnieM+8jWlAB+vd5Bjk6spmlQ4duaz+g==MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status><saml:Assertion Version=“2.0” ID=“_63e1f317-2ec6-4fac-9e35-c11c1ed07be7” IssueInstant=“2021-01-25T05:18:31.132Z” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>saml:Issuerhlx</saml:Issuer>saml:Subject<saml:NameID Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”>pack</saml:NameID><saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><saml:SubjectConfirmationData NotOnOrAfter=“2021-01-25T05:21:31.132Z” Recipient=“<a href=“https://cequaslides.com/SAML/AssertionConsumerService.aspx””>https://cequaslides.com/SAML/AssertionConsumerService.aspx" InResponseTo=“_d988320e-56e6-449d-b3b9-45f69e427539” /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=“2021-01-25T05:15:31.132Z” NotOnOrAfter=“2021-01-25T05:21:31.132Z”>saml:AudienceRestrictionsaml:Audiencecequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=“2021-01-25T05:18:31.132Z” SessionIndex=“_63e1f317-2ec6-4fac-9e35-c11c1ed07be7”>saml:AuthnContextsaml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>saml:AttributeStatement<saml:Attribute Name=“userid “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“733</saml:AttributeValue></saml:Attribute>saml:Attribute"http://www.w3.org/2001/XMLSchema-instance”>733</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“firstname “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Pack</saml:AttributeValue></saml:Attribute>saml:Attribute"http://www.w3.org/2001/XMLSchema-instance”>Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name=“lastname “><saml:AttributeValue xsi:type=“xs:string” xmlns:xs=”<a href=“http://www.w3.org/2001/XMLSchema””>http://www.w3.org/2001/XMLSchema" xmlns:xsi=“Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>.”>http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.
11892/190: 1/25/2021 12:18:31 AM: The verifying key type is RSACryptoServiceProvider.
11892/190: 1/25/2021 12:18:31 AM: The verifying key’s associated cryptographic service provider is “”.
11892/190: 1/25/2021 12:18:31 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.

5

I’m not sure what you mean. This trace is the same as the previous and shows the certificates are different.

The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.

The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.

6

Our Identity Provider has provided certificate.

I want to test that certificate with the demo application

so when I replace that certificate with idp.cer file in both service provider and identity provider demo project it gives error

Can you let me know how can I test the certificate? with demo application


7

If the www.idp.com test certificate is the correct one, update your service provider’s saml.config to specify this as the partner certificate file. For example:


<PartnerIdentityProvider
Name=“…”







The idp.cer file will be used to attempt to verify XML signatures from this identity provider.

8
[quote]
ComponentSpace - 1/27/2021
If the www.idp.com test certificate is the correct one, update your service provider's saml.config to specify this as the partner certificate file. For example:


<PartnerIdentityProvider
Name="..."







The idp.cer file will be used to attempt to verify XML signatures from this identity provider.
[/quote]

Hello,

dexcom.hlxbureau.com is the certificate that I need to use.

So in the demo application
1 Identity provider - I am modifying idp.cer by opening it to notepad, update the certificate code and save it
2 Servuce Provider - I am modifying idp.cer by opening it to notepad, update the certificate code and save it

so that why I am updating existing cer file but I am getting above error
9

Do you have the private key for the dexcom.hlxbureau.com certificate?

The identity provider would need this to sign the SAML response.

If you do, you have to update the idp.pfx which is the local certificate for the identity provider. It doesn’t use the idp.cer file.

The identity provider signs with the private key (eg idp.pfx) and the service provider verifies with the corresponding public key (eg idp.cer).