SSO issues troubleshooter

Problem

This article is intended to help identify Single Sign-On issues when ADFS is not working correctly. The problem was identified in the SAML validator, which reported the following messages:

11. Validating the Signature

  Is the response signed? false

  Is the assertion signed? true

  The reference in the assertion signature is valid

  Signature or certificate problems

  The signature in the assertion is not valid

  Is the correct certificate supplied in the keyinfo? false

Cause

The ADFS server was using a newly issued signing certificate (which may have been issued automatically), and this signing certificate had not been provided to Salesforce. It is not clear why the server issued a new certificate, or whether this was an automatic process. I suggest an internal follow-up to identify any changes, which might assist in identifying this before the certificate expires again (“CN=ADFS Signing - *************** Expiration: 12 Jun 2017 13:50:59 GMT”).

Solution

The new certificate has been uploaded into the Single Sign-On configuration in OnePlace.
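
To confirm this cause, the certificate embedded in the KeyInfo of a captured SAML response can be compared with the certificate stored in the Single Sign-On configuration. The script below is an added example, not part of the original article or of any Salesforce or ADFS tooling; the function names, the sample response and the stand-in certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace
# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_CERT = b"constructed-stand-in-for-old-signing-cert"
NEW_CERT = b"constructed-stand-in-for-new-signing-cert"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint over the DER-encoded certificate bytes."""
    return hashlib.sha256(der).hexdigest()

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor, as exported from the IdP."""
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode() + "\n-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    """Drop PEM armor lines and whitespace, then base64-decode the body."""
    lines = [line.strip() for line in pem.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))

def keyinfo_fingerprints(saml_xml: str) -> list:
    """Fingerprint every ds:X509Certificate in a response captured from your own IdP."""
    root = ET.fromstring(saml_xml)
    return [fingerprint(base64.b64decode("".join(el.text.split())))
            for el in root.iter(DS + "X509Certificate") if el.text]

def check_signing_cert(saml_xml: str, configured_pem: str) -> dict:
    """Diagnostic comparison only; this does not validate the XML signature."""
    configured = fingerprint(pem_to_der(configured_pem))
    presented = keyinfo_fingerprints(saml_xml)
    return {"configured": configured, "presented": presented,
            "match": bool(presented) and all(fp == configured for fp in presented)}

def sample_response(der: bytes) -> str:
    """Constructed minimal SAML response carrying one KeyInfo certificate."""
    b64 = base64.b64encode(der).decode()
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    # IdP signs with the new certificate while the SP still holds the old one.
    print(check_signing_cert(sample_response(NEW_CERT), to_pem(OLD_CERT)))
```

A result of `match: False` corresponds to the validator message "Is the correct certificate supplied in the keyinfo? false".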