SAML Error - The server requires a signed SAML authentication request but no signature is present

Suresh Dev

Mar 6, 2024, 2:26:17 PM
to SimpleSAMLphp

I'm relatively new to SAML integration, and I've encountered an issue recently that I've been struggling to resolve. I've managed to set up my login page to redirect users to the Identity Provider's (IDP) login page successfully. However, after users enter their credentials on the IDP's login page, they're redirected to an error page.

Upon checking the IDP's activity log, the error indicates a missing signature. The confusing part is that our server configuration doesn't enforce signed requests.

I'd appreciate any insights or suggestions on why this error might be occurring and how I can troubleshoot it effectively. Thank you in advance for your help!

I posted the details on the link.


Pieter van der Meulen

Mar 7, 2024, 4:54:29 AM
to SimpleSAMLphp
Hi,

The error you give states: "Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSignatureVerificationException: MSIS7085: The server requires a signed SAML authentication request but no signature is present. at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.ValidateSignatureRequirements(SamlMessage samlMessage"

What is "our server" in this context? Is that the ADFS server or the SimpleSAMLphp server? Whether a SAML AuthnRequest is required to be signed is an IdP policy. In this case that is ADFS. So you need to look at the ADFS configuration. ADFS might be influenced by something in the SAML Metadata that is generated by SimpleSAMLphp based on the configuration of your SP in SimpleSAMLphp, if you use that to configure the RP in ADFS.

So you need to either sign the AuthnRequest in SimpleSAMLphp, or configure ADFS in such a way that it does not require signed AuthnRequests. How to do that in ADFS is beyond the scope of this mailing list.

Pieter.

On Wednesday, March 6, 2024 at 20:26:17 UTC+1, Suresh Dev wrote:

Suresh Nariya

Mar 9, 2024, 12:39:41 PM
to simple...@googlegroups.com
Hi Pieter,

Thanks for your reply.
I found the issue: I had the wrong Entity ID configuration in the SP (saml20-sp-remote.php). I corrected it, and now the integration has started working.

Thanks
Suresh
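
Added example, not part of the thread and not SimpleSAMLphp or ADFS code: a Python check, assuming the HTTP-Redirect binding, that decodes a captured AuthnRequest URL and reports the two things this thread turned on, whether a signature is present and whether the Issuer equals the entity ID registered at the IdP. The function names, the `idp.example.org` and `sp.example.org` hosts and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML_BYTES = 64 * 1024  # cap on inflated size of the captured request


def inspect_redirect_authnrequest(url, expected_entity_id):
    """Report issuer and signature presence for an HTTP-Redirect AuthnRequest."""
    params = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    inflater = zlib.decompressobj(-15)  # redirect binding uses raw DEFLATE
    xml_bytes = inflater.decompress(
        base64.b64decode(params["SAMLRequest"][0]), MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not an AuthnRequest")
    issuer = root.findtext("saml:Issuer", "", NS).strip()
    return {
        "issuer": issuer,
        "issuer_matches": issuer == expected_entity_id,
        # With this binding the signature travels as query parameters, not as
        # a ds:Signature element. Presence only; nothing is verified here.
        "signed": "Signature" in params and "SigAlg" in params,
        "sig_alg": params.get("SigAlg", [None])[0],
    }


def build_sample_url(issuer, signed):
    """Constructed sample input: a redirect URL as an SP would send it."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed1" Version="2.0" IssueInstant="2024-03-06T19:26:17Z">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
           % (NS["samlp"], NS["saml"], issuer)).encode()
    comp = zlib.compressobj(wbits=-15)
    query = {"SAMLRequest": base64.b64encode(comp.compress(xml) + comp.flush()).decode()}
    if signed:
        query["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        query["Signature"] = "Y29uc3RydWN0ZWQ="  # placeholder, not a real signature
    return "https://idp.example.org/adfs/ls/?" + urlencode(query)  # constructed host
```

Run it against the redirect URL copied from the browser's network log; `signed: False` together with an IdP that demands signed requests, or `issuer_matches: False`, points at the SP-side setting to revisit.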
