SAML Assertion - "Invalid signature for object [id...]"

zohar.amir · April 19, 2022, 8:02am

Using Java with spring security to implement SAML2 SP.
Everything used to work OK, but now I get “Invalid signature for object [id…]” messages.
If I understand correctly, this is due to to the assertion not being signed correctly by Okta, but I can’t understand why - the certificate didn’t change or anything.

I downloaded the X.509 certificate from okta and used it to validate the assertion (that I got from chrome’s
SAML-tracer) using SAML Response Validator - Validate SAML Metadata, Signatures & Certificates - it failed the signature validation there also…

zohar.amir · April 20, 2022, 7:06am

Turns out that I used a slightly wrong registration ID - I used “https://…” and it should have been “http://…”

system · April 21, 2022, 7:07am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Signature is invalid error on SAML integration SAML	3	5911	December 3, 2020
Need clear documentation on SAML support in Okta. Issue in decrypting encrypted SAML response and verifying signature when both response(message) and assertion are signed SAML	3	2511	February 14, 2024
Assertion is not a valid SAML 2.0 Assertion error SAML	6	2551	February 15, 2024
Unable to validate incoming SAML assertion (The Issuer in the SAML response did not match the Issuer configured for the Identity Provider.) SAML	5	17851	September 1, 2021
Getting 'assertion is not a valid SAML 2.0 Assertion' when exchanging IdP SAML Assertion for Okta Auth Token Questions	2	3346	July 25, 2022

SAML Assertion - "Invalid signature for object [id...]"

Related topics