Unable to validate SAML message

1
I'm getting this error when testing SAML sign in:

09:11:36APPERRORSAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response. Error: org.opensaml.xml.validation.ValidationException: Got StatusCode urn:oasis:names:tc:SAML:2.0:status:Responder should be urn:oasis:names:tc:SAML:2.0:status:Success. Message: [] ID:[_0b8ebc… etc]
09:11:36APPERRORSAML_SSO: org.opensaml.common.SAMLException: org.opensaml.xml.validation.ValidationException: Got StatusCode urn:oasis:names:tc:SAML:2.0:status:Responder should be urn:oasis:names:tc:SAML:2.0:status:Success. Message: [] ID:[_0b8ebc… etc]

When I check the request overview, the request is there but it is empty.

I'm having some trouble debugging the flow. The system doesn't seem to go through CustomUserProvisioning, even though we ticked that mark.

On the ADFS side, we're seeing this:

Exception details: Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: ID4037: The key needed to verify the signature could not be resolved from the following security key identifier 'SecurityKeyIdentifier
asked
3 answers
2

Do you have V1.13.0 of the SAML module?

 

answered
1

We reconfigured the module, gave the new metadata file to the ADFS admin and had to add a claim (UPN). That solved it.

answered
0

You could try Firefox with the plugin SAML tracer. This way you can better debug what is going wrong. From the errors it looks like the security keys are not matching. Make sure that the metadata is refreshed. Might be that the certificates are out of sync.

Regards,

Ronald

 

answered
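One way to check whether the certificates are out of sync, as the answer above suggests, is to compare the signing-certificate fingerprints in the SP's current metadata with those in the copy the IdP admin imported. This is an added example, not code from the posts or from the SAML module; the sample metadata, entity ID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signing_fingerprints(metadata_xml):
    """Return SHA-256 fingerprints of all signing certificates in a metadata document."""
    root = ET.fromstring(metadata_xml)
    prints = set()
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        # A KeyDescriptor without a "use" attribute applies to signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata files often wrap the base64 text; strip all whitespace first.
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def compare_metadata(sp_current, idp_copy):
    """Compare the SP's current metadata with the copy held on the IdP side."""
    current = signing_fingerprints(sp_current)
    imported = signing_fingerprints(idp_copy)
    return {
        # In sync only if every key the SP signs with is known to the IdP.
        "in_sync": bool(current) and current <= imported,
        "missing_at_idp": sorted(current - imported),
        "stale_at_idp": sorted(imported - current),
    }

def sample_metadata(cert_bytes, use="signing"):
    """Constructed SP metadata; cert_bytes stands in for a DER certificate."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://sp.example.invalid">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:SPSSODescriptor></md:EntityDescriptor>'
    ) % (NS["md"], NS["ds"], use, b64)

if __name__ == "__main__":
    old = sample_metadata(b"constructed-old-cert")  # copy the IdP still holds
    new = sample_metadata(b"constructed-new-cert")  # metadata after reconfiguring
    print(compare_metadata(new, old))
```

A non-empty `missing_at_idp` list means the IdP has no copy of a key the SP currently signs with, so the metadata needs to be re-imported on the IdP side.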