SSO issues troubleshooter
Problem
This article assists in identifying Single Sign-On issues when ADFS is not working correctly. The problem was identified in the SAML validator, which reported the following messages:
11. Validating the Signature
Is the response signed? false
Is the assertion signed? true
The reference in the assertion signature is valid
Signature or certificate problems
The signature in the assertion is not valid
Is the correct certificate supplied in the keyinfo? false
Cause
The ADFS server was using a newly issued signing certificate (which may have been issued automatically), and this signing certificate had not been provided to Salesforce. It is not clear why the server issued a new certificate, or whether this was an automatic process. I suggest a follow-up internally to identify any changes; this might assist in identifying the problem before the certificate “CN=ADFS Signing - *************** Expiration: 12 Jun 2017 13:50:59 GMT” expires again.
Solution
The new certificate has been uploaded into the Single Sign-On configuration in OnePlace.
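The check the validator reported as failing ("Is the correct certificate supplied in the keyinfo?") can be reproduced offline by comparing the certificate embedded in the assertion's KeyInfo with the one the service provider has on file. The following is an added example, not part of the original article or of any vendor tooling; the function names and the sample certificate bytes are constructed placeholders, and it compares fingerprints only, without verifying the signature itself.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(cert_text):
    """SHA-256 over the decoded certificate; accepts PEM or bare base64."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def keyinfo_report(response_xml, sp_cert_pem):
    """Diagnostic only: compares certificates, does not verify the signature."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    sig = assertion.find("ds:Signature", NS) if assertion is not None else None
    certs = [] if sig is None else sig.findall(".//ds:X509Certificate", NS)
    embedded = [cert_fingerprint(c.text or "") for c in certs]
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": sig is not None,
        "keyinfo_matches_sp": cert_fingerprint(sp_cert_pem) in embedded,
        "embedded_sha256": embedded,
    }

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD_CERT, NEW_CERT = b"constructed-old-signing-cert", b"constructed-new-signing-cert"

def as_pem(raw):
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def sample_response(raw_cert):
    """Unsigned Response wrapping an Assertion whose KeyInfo carries raw_cert."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>'
        "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        f"{base64.b64encode(raw_cert).decode()}"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        "</saml:Assertion></samlp:Response>"
    )

if __name__ == "__main__":
    resp = sample_response(NEW_CERT)               # IdP already signs with the new cert
    print(keyinfo_report(resp, as_pem(OLD_CERT)))  # SP still holds the old one
    print(keyinfo_report(resp, as_pem(NEW_CERT)))  # after uploading the new one
```

A mismatch between the embedded fingerprint and the configured one points to a rotated signing certificate on the identity provider rather than a malformed response.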