CPM server may display error "Signature validation failed. SAML Response rejected"
During login via Identity Provider on the sign on page or during the Test Connection, CPM server may display error message:
login failed. reason: Signature validation failed. SAML Response rejected (invalid_response)
You may find corresponding errors in the Windows Events at the AD FS Admin events with the following Event ID 368:
The SAML Single Logout request does not correspond to the logged-in session participant.
Similar error messages could be found in the CPM server logs (cpm_server.log):
ERROR: complete_directory_service_signin(additional_views.py:1633) login failed. reason: Signature validation failed. SAML Response rejected (invalid_response)
Very likely this happens because a wrong certificate file has been provided or this file has been issued from a different Certificate Authority.
Please make sure that you have uploaded valid certificate file that was issued from your Identity Provider side.
Please try to download the certificate file from your IdP and upload the file to the CPM server again via Identity Provider properties at the General Settings.
Related Articles
How to Integrate CPM with ADFS to allow Idp logins from windows AD users
Background: This How-To guide will outline how to configure CPM and a windows ADFS server to allow IdP logins. Before you get started you will need to check the prerequisites. This is very important. If they are not met or the Domain and any of the ...Failed to login to AD FS with the error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)"
Issue: When trying to login to AD FS from CPM, you may receive an error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)" The same error can be found in the ...CPM Server may display error "Problem Occurred (500)" during the Identity Provider configuration
CPM Server may display error "Problem Occurred (500)" during IdP configuration: Error message: A Problem Occurred(500) Sorry, but there was an error while processing your request This error appears after you hit the 'Apply' button. The most likely ...IDP/SAML integration may fail with "Failed getting CPM public host name"
Description: If you have installed the base image of CPM 2.2.0 and started using IDP/SAML authentication, and have also configured a custom hostname URL for the IDP redirect, you may get a "Error 500" in your web browser when trying to connect. If ...Login to the CPM using an IDP may fail with the "Invalid issuer" error message
If you're using an IDP, login to the CPM may fail with the following error message: login failed. reason: Invalid issuer in the Assertion/Response (invalid_response): It also may be found in the cpm_server.log: ERROR: ...