Using Java with Spring Security to implement a SAML2 SP.
Everything used to work OK, but now I get “Invalid signature for object [id…]” messages.
If I understand correctly, this is due to the assertion not being signed correctly by Okta, but I can’t understand why - the certificate didn’t change or anything.
I downloaded the X.509 certificate from Okta and used it to validate the assertion (that I got from Chrome’s SAML-tracer) using SAML Response Validator - Validate SAML Metadata, Signatures & Certificates - it failed the signature validation there also…