Validation of protocol message signature failed

Hello,

I'm attempting to set up the new edge ui after upgrading from 4.18.05 to 4.19.06. Except for the new edge ui, all components, including sso, are installed in server1 as an all in one install. I installed the new edge in a separate server, server2, as the install instructions suggested.

My SAML IDP is keycloak. The client was configured in keycloak by importing the xml file found at http://server1:9099/saml/metadata. When I log on to http://server2:3001, I'm redirected to http://server1:9099/login. I can click on the log on to idp from there and I'm sent to my keycloak SAML IDP. After I enter credentials, I'm redirected to http://server1:9099/saml_error with the message "Validation of protocol message signature failed". I've searched the apigee logs for that phrase but there are no hits.

Any help in identifying and resolving the issue would be greatly appreciated. Thank you.

3 REPLIES

I have the same issue. Is there any fix yet?

This is a SAML signature verification error. It seems like one of the sides of the SAML partnership does not have the correct keys or certificate, or otherwise is misconfigured. 

One party digitally signs the payload (SAML Assertion) with its key, then the receiving party verifies the signature using the certificate. The cert needs to match the key. If the receiver has the wrong cert, or a cert that does not correspond to the signing key, then you can get this kind of signature validation error message.

So, check your keys.
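
One way to carry out the key check described in the reply above, as an added example that is not part of the original thread and not Apigee or Keycloak code: compare the SHA-256 fingerprint of the certificate the receiving side trusts against the signing certificates published in the IdP's SAML metadata. The function names are hypothetical, and the sample "certificates" are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor lines and decode the base64 body."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def idp_signing_fingerprints(metadata_xml: str) -> set:
    """Fingerprints of every signing certificate the IdP metadata publishes."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute covers signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata often wraps the base64 across lines; drop whitespace.
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(fingerprint(der))
    return prints

def sp_trusts_idp_key(metadata_xml: str, sp_trusted_pem: str) -> bool:
    """True if the cert the receiver verifies with is one the IdP signs with."""
    return fingerprint(pem_to_der(sp_trusted_pem)) in idp_signing_fingerprints(metadata_xml)

# --- constructed sample data (placeholder bytes, not real certificates) ---
def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

def as_pem(der: bytes) -> str:
    return "-----BEGIN CERTIFICATE-----\n" + _b64(der) + "\n-----END CERTIFICATE-----\n"

CURRENT_CERT = b"constructed-placeholder-current-idp-signing-cert"
STALE_CERT = b"constructed-placeholder-previous-idp-signing-cert"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example/realm">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {_b64(CURRENT_CERT)}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

A `False` result from `sp_trusts_idp_key` means the receiver is holding a certificate the IdP does not currently sign with, which is the mismatch the reply describes.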