<-- Back

SAML Error: Unable to validate Response - The assertion is not signed correctly

Issue

Users are unable to log in to the app when using the SAML module. In the application logs the following error can be found:

ERROR - SAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response. Error: The assertion is not signed correctly

Environment

SAML module (all versions) 

Studio Pro (all versions)

Cause

This error usually occurs when the signing certificate of the IdP in the SAML module is not in sync with the IdP metadata in the IdP.

Any change to the metadata (even just opening it in an editor) can mean that the signature no longer matches the content, and the metadata will be rejected.

If the SAML or Studio Pro versions were updated, it might be related to old, outdated cookies that interfere with how the new cookies are set.

Solution/Workaround

The following solutions can be tried:

  • If any change was made to the metadata, the application should be restarted afterward. Restarting the application after any change ensures that the correct configuration is used. More information can be found in Configuring the IdP-Specific Settings.

  • After restarting the app, clear cookies and cached files from the end-user's browser.

Internal information related

  • 220246, 205797, 218180

  • C03PKGG8J8H/p1718787845045469

Additional information 

Mendix documentation: SAML | Mendix Documentation

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.

To provide feedback, please open a ticket here. Don't forget to include the article's URL along with the feedback you would like to provide.