Problem:

SSO stops working while configured with AD FS. The following error is thrown:

Handling SAML-message failed: Neither the SAML Response nor the Assertion have a valid signature.
com.resolution.samlwrapper.api.exception.MessageReadingException: 
Neither the SAML Response nor the Assertion have a valid signature.


Solution:

This message usually occurs if the certificate on ADFS has been renewed but not updated in the plugin.

To fix this:

  • Go to the SAML Single Sign On configuration page
  • Click on the Identity Providers tab
  • Click the Load button next to the Metadata URL field
  • Save the configuration - this reloads the metadata and thus the new certificate

If you have configured the Metadata by pasting the XML:

  • Update the XML in the field
  • Click Load
  • Save the configuration


To fix this for the long term, please mark the checkbox Automatic reload (directly below the metadata URL), then our plugin automatically downloads the metadata every 24 hours.

That would prevent the issue to re-occur if the certificate got changed.