CPM server may display error "Signature validation failed. SAML Response rejected"

CPM server may display error "Signature validation failed. SAML Response rejected"

During login via Identity Provider on the sign on page or during the Test Connection, CPM server may display error message:

login failed. reason: Signature validation failed. SAML Response rejected (invalid_response)

You may find corresponding errors in the Windows Events at the AD FS Admin events with the following Event ID 368:
The SAML Single Logout request does not correspond to the logged-in session participant.

Similar error messages could be found in the CPM server logs (cpm_server.log):
ERROR:  complete_directory_service_signin(additional_views.py:1633)  login failed. reason: Signature validation failed. SAML Response rejected (invalid_response)

Very likely this happens because a wrong certificate file has been provided or this file has been issued from a different Certificate Authority.
Please make sure that you have uploaded valid certificate file that was issued from your Identity Provider side.

Please try to download the certificate file from your IdP and upload the file to the CPM server again via Identity Provider properties at the General Settings.