Unable to validate Signature / Why might this happen?

alexey....@pool4tool.com

Nov 24, 2015, 11:46:24 AM
to SimpleSAMLphp
Hello Everyone!

We are setting up yet another SAML interface, where we are the SP and remotely an ADFS system is the IdP. We are using an SP-initiated SAML procedure (users from the IdP intranet click a link, which is on our server; it sends a SAML request to the IdP and all the magic happens). This process usually works without a glitch (fiddling with some settings here and there was always required, but problems were always easy to solve). Yet now we are stuck and I am not sure where to continue :/

First, below is the actual error we get when attempting to authenticate:

Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] SimpleSAML_Error_Exception: Error 2 - set_error_handler() expects the argument () to be a valid callback
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Backtrace:
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 8 /var/www/html/modules/sso/lib/simplesamlphp/www/_include.php:70 (SimpleSAML_error_handler)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 7 [builtin] (set_error_handler)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 6 /var/www/html/modules/sso/lib/simplesamlphp/config/config.php:8 (require)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 5 /var/www/html/modules/sso/lib/simplesamlphp/lib/SimpleSAML/Configuration.php:95 (SimpleSAML_Configuration::loadFromFile)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 4 /var/www/html/modules/sso/lib/simplesamlphp/lib/SimpleSAML/Configuration.php:168 (SimpleSAML_Configuration::getConfig)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 3 /var/www/html/modules/sso/lib/simplesamlphp/lib/SimpleSAML/Configuration.php:230 (SimpleSAML_Configuration::getInstance)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 2 /var/www/html/modules/sso/lib/simplesamlphp/lib/SimpleSAML/Utilities.php:1930 (SimpleSAML_Utilities::initTimezone)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 1 /var/www/html/modules/sso/lib/simplesamlphp/www/_include.php:109 (require_once)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 0 /var/www/html/modules/sso/lib/simplesamlphp/www/module.php:13 (N/A)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Backtrace:
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 0 /var/www/html/modules/sso/lib/simplesamlphp/www/module.php:180 (N/A)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Caused by: Exception: Unable to validate Signature
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Backtrace:
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 6 /var/www/html/modules/sso/lib/simplesamlphp/lib/SAML2/Utils.php:149 (SAML2_Utils::validateSignature)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 5 /var/www/html/modules/sso/lib/simplesamlphp/lib/SAML2/Assertion.php:494 (SAML2_Assertion::validate)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 4 /var/www/html/modules/sso/lib/simplesamlphp/modules/saml/lib/Message.php:185 (sspmod_saml_Message::checkSign)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 3 /var/www/html/modules/sso/lib/simplesamlphp/modules/saml/lib/Message.php:556 (sspmod_saml_Message::processAssertion)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 2 /var/www/html/modules/sso/lib/simplesamlphp/modules/saml/lib/Message.php:528 (sspmod_saml_Message::processResponse)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 1 /var/www/html/modules/sso/lib/simplesamlphp/modules/saml/www/sp/saml2-acs.php:83 (require)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 0 /var/www/html/modules/sso/lib/simplesamlphp/www/module.php:135 (N/A)
Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Error report with id 74daa19e generated.

Which seems to happen at the very end. Who is actually responsible for fixing this error, i.e. on which side does the problem lie --> at the certificate of the IdP or the SP (ours)? We are using the same certificate for all other SAML connections and it works without a glitch.

I am really stuck here :(

Thanks in advance!

alexey....@pool4tool.com

Nov 24, 2015, 11:53:59 AM
to SimpleSAMLphp
P.S. Here is what they are posting to us:


      "method": "POST",
      "requestHeaders": [
        [
          "Host",
          "samldemo.mysite.com"
        ],
        [
          "User-Agent",
          "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0"
        ],
        [
          "Accept",
          "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
        ],
        [
          "Accept-Language",
          "de,en-US;q=0.7,en;q=0.3"
        ],
        [
          "Accept-Encoding",
          "gzip, deflate"
        ],
        [
          "Referer",
        ],
        [
          "Cookie",
          "p4t_main_application={hash:2817fd1b026c98b707668a9f21408fa9ff0e3564}; SimpleSAMLSessionID={hash:aab23ea9bb8fff66782ce398c71110ec15f5861a}"
        ],
        [
          "Connection",
          "keep-alive"
        ],
        [
          "Proxy-Authorization",
          "NTLM TlRMTVNTUAADAAAAGAAYAJIAAADyAPIAqgAAABYAFgBYAAAADgAOAG4AAAAWABYAfAAAAAAAAACcAQAABYKIogoAACgAAAAPj7FXIWh2Lo+KTv+MYvYyjlYATwBFAFMAVABBAEwAUABJAE4ARQBCAG8AaABhAHUAZABhADIAMgAxADcAUABDADEAOQA2ADYANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYEuAXJS0HB/bA+exaWT+5AQEAAAAAAAD/Hhjt8SXRATcHOZbtnIOgAAAAAAIAFgBWAE8ARQBTAFQAQQBMAFAASQBOAEUAAQAKAEwAUABYADAAMQAEAAAAAwAKAGwAcAB4ADAAMQAIADAAMAAAAAAAAAABAAAAACAAAGzMF+AiKkTRDjd4sNWqSEG2quUNlrMb+xh7d65HDU/3CgAQAAAAAAAAAAAAAAAAAAAAAAAJADgASABUAFQAUAAvAHYAbwBlAHMAdABkAGUAbQBvAC4AcABvAG8AbAA0AHQAbwBvAGwALgBjAG8AbQAAAAAAAAAAAA=="
        ],
        [
          "Content-Type",
          "application/x-www-form-urlencoded"
        ],
        [
          "Content-Length",
          "8791"
        ]
      ],
      "get": [
        
      ],
      "postData": "{overwritten}",
      "post": [
        [
          "SAMLResponse",
          "{hash:652c96bd25df3e4179e63921bea24af3be06848f}"
        ],
        [
          "RelayState",
          "{hash:a414ed77c2f5a34dd55f1d4005a43af2fc10af24}"
        ]
      ],
      "saml": "<samlp:Response ID=\"_575fd459-3118-4781-bc80-0da4ccb0dba2\" Version=\"2.0\" IssueInstant=\"2015-11-23T13:21:56.297Z\" Destination=\"https://samldemo.mysite.com/modules/sso/lib/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/11\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" InResponseTo=\"_712da0fa292c125f1782f37a3178b9a3ce0cfde592\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://adfs.superalpine.com/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\" /></samlp:Status><EncryptedAssertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xenc:EncryptedData Type=\"http://www.w3.org/2001/04/xmlenc#Element\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><xenc:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" /><KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><e:EncryptedKey xmlns:e=\"http://www.w3.org/2001/04/xmlenc#\"><e:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"><DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /></e:EncryptionMethod><KeyInfo><ds:X509Data xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509IssuerSerial><ds:X509IssuerName>O=POOL4TOOL, L=Vienna, S=Some-State, 
C=AU</ds:X509IssuerName><ds:X509SerialNumber>16638298879154502267</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></KeyInfo><e:CipherData><e:CipherValue>ibvGCSvP6Sd7gQqucQcOTJ5ufV1e9BmZnd1dni6NyLlENj2Gm9IeZHQc1+FnIJwdnS9HImMP/OWbC6ilfE93SJqGsCRJwWGAQQVKwzFs4lri0kB7X7t97PxR3W7/Jijwes1zQhWmlju62tAmUg5hCHY2ylSwjUg8ecmzkF3hy/E=</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>zNyf/S2QghG71SRV7E2aHgO1K55dPJyvyziWcdWKyPhtnSthEO4dGn7XLEbQZCfWm/03AUhOT329joH2Z7j+dmRuvETmuOMThn47atfh5hBSs6dmn478FPd5GUXzz0PdmRsHdtzsFTCHhZenBpbBLJL3UoX+g+/2gr++k7VnPJeCnKDUvtVtLWP+V4Ol3RD3TfcEZco+mhMarIudESNqn6VdDWiCDUWTR8VhUqJyAJeABHqLHdsgHKc2UNAi8ItWPCY8B9FS05AeJBSw28TFr4wqnjmC9rjYNdG+os41nWNgkZQ4KtghgxmiqhHMCzNIGlFyYfkh4XFxYz6OIadDJmN7oK42vYlPReK9GEXrePS8KJUqzsDkJ2PsKeY3rEVX6XCp6oE4gXNeHaHOPTqDkDUWqYBy2ntcVgcNpKuO4MLMRgt9hWEzxwYEmijJw2F7zE3/Ju0XkBEgQyd9HMYCnCM+3ZZfXGnntCmXptFc2uCcCevgsLGLlyLXhuEAVj/7mWfoh2OnL1qrOE9RxsUdBYqe6npHrGgzYEEkPM7om6ZxpPALXDyqCGfY+t6wZyxNkM5D/VVAR58W0TEMch9p6Sa8Sn/fBKcsNgSiiTRUn7pbL9ptarRAiOmk0DsZ/fYH553VR6VCaRtrsvINrKD/OPZHj8bsX4ljmZ12nQYJcZIuIU6Z7n+JcfP9yV1meLVhd8Iah1jSdqGhC16rOEls/6X9dHfA3gmP/clE2QaESwf7djd9Iy76qJJll99AvQqfGhO2IKPwtVYCclkrX1Wc+PEtFlKZgzfdtqpyWTklllh2t6Lb5n+Cs+yJ00DHKuVTl6pKew3cGoID6kHxDSzFTayFG54PTpF66eKNHrc4siDuXe0BWz2kxsCfmfNkzPAfE/qb1JGIXOu8dxXbJa17KkTJYJ/bxA08056U14XiQadO71GNZID4lu/scIr5nHnzX798HQxUWIBflx+HZo7cUzVLmQfpSr8bfkXD4Fcy0cPOw6yVy10Es70I3KVL0jUJWciChCmxpnSuBmgi/O0H/o09NsppqEPw/djeBxFR5tgUh9Dseh9hVfeChm5EW+O5rXp9aWVSZPdw7b4q06Cz5H9lKr+H5dclcBvkY15m7lcMCswMkO7bt9mZHxWj5I6SqHeLhmogbiYlILrQAA5TgyOtx4kQeyUhpjAxuoFIcAxg3XnbpiPyoPnezMUS4Y/Btlihe1nS1pIluHFhSqDxJA213TOi+PfvKTj2xnk6PqLbYfsxLEXStzIaSqD1Xs1D65GhK2x51ytXLcPMc5z8SF53PJf1DWJsbphN4tmWJjuKzr8mmQ3BJKlrSNuaaXi1NbtHy3d739UyB0+KbB5X9FUL895SFSaql1Qicj2wBvNce4HtuBkMoJFClJ7tkdkwj9MrdL8tg6p5fWTwtF+uyFPq6IUJaor7J0jJ7ofJ7NltWsKyW8h3sbdFnM0MHzYpGxu1RioO5C7Dgy+6On0Wlox7Gqms8QY9HTDiHuFohgFW+Tmqk4y4IAr5F4VNvR8t3m9SF5hlSLr7GBBL3FHWR9My504qh2wxCQIOq
JRI9ARh/RvXIEYwfg/WrjXlwGs8rM36+koa+SNjOC7JTNn3ICpAIh3xh0iTnTE5DwhpBbPsFvMApP1idVCSkSYuGzd4cnStq3JdFx1lyQo4EmrMUwWco72vc2I/nTCJDKA6Ztk0Xyi2+Omn2Pnzo8pKYrNZuq993k0ewOcxlGkBVxODeZ4ge54SUsBeRnGU/f8zHMMzjftdyutTQKSoU2iqkkmY0iQUMWiWMC9coCdsZy9aDBhAD7QgYfGSWQZBkqlBZZKyAizSjz18XRR1C7euWVGHP0XWiTKnQT6dPostkdeSAKSmuoE4FdNSsj2/0lY1FQD20bI7z9UgsvoXx1NZBoqwaCNAQZzQ/qU7Fw6iyztfSrnpuCCigTVVCHHnHYZWfBdn9oNLD1VZd9L0dtfDL45iHdy9s5wkwHxodiCasG3qyPfKN0p3tQGmQzpxJ5PWYhpX5kYXMJN/lB0LuScTNQqyOsG/mkGx1YYLOcvcsV+ShPiuVlhd/TlokLCHgdEt14QCd/6lTZ3uWp8u09tjaUjT/WSK7UUVD2BCHYH+vLvk20gNw2MWAwgwH+nhTeKQc4RF95JERspP6PaJLjL07W/VWeJjAzRJ3lgfGcGlw/XXdX/c3V+1jZgxOQnIl1oAx+5RqWQ3kgSUfxL/cEnNYRTjqC6n/aBevSY5NnbkTyIavbwNmQIMy/Buw5cl/lLGWj0W1C+KKW+s48QytwjjguYRuyImaKhsnjATm7IspD7bq5t1q9TioblfWPeHafSGDAgpKf6T+72wn7pPyJXUemaictdxCoe5l6ME3RcQD5RwyKYOnccYRDOt9JTRHpYw0v0o3dZPEwjWiEVdP/9elAIwpRphiWP7LuswMT/kRx4jZE6bq1nLw/0zcmNbdmbA87b4aOpIHJFf1K5dSsWAyMzM1Y35a98+jstaho4pkpmwE9tueDO8uT3tZvEmoJLByCEnfKSaY35B0loa1Kalwsj6yiMh5kJTkLNVHiPM0nFbXa0RVxX0iBVWkHKyd7N3icXzbaiIbA4qvUGPZ1eBfvKSwLsH3//izHvOphO1UKf8j+7jSbdTgFRPzJF42VNqXDHmwuInwnyomcy99kShuheRxjEq9izUwa5V7SkZvCCTnINhPltgJaasKY68yrtUTiFL4h19D/oTDPxVjNvVAMnw2cdH2rINtjj6fpBcVzutB/bnUYYFAPhYEofDsYe+IiqRcnxl+q8CV5MO8wzsLDuG/M0lP+au9TNVP3Pe5PJggimEDm1oSojo7Yob/3v0Jt6x0h0CY7e6Hvuft7QthNjYjMNzM/6FyIi0ULahB2XzpUroJ1CwTiEi2Jcirzl+J537GgO56w6JY0L9IB5BOqEQJtwLeD1id8Z2kvys8t8XsOcseJxp9SO6Ua+ifwnzojUE3zlBQInOcULEWIyu9gJNWfLh6U0vaOGfHgHw98YNNH0Fn/PwluuWtY1jIbS8KD3NBIVlDpeDKS3i6kNTXqUAUU8WcH9rJElhCmcpjCWl25OW8c03VxYtLuQwG9g8pBPuRx5LqZjh3AwJUnU6PBTmAob8hBC7zT/yba6OhJW9zJvKj/q4Q1SnH+TFwYdxKQ6zHgX2e/ECHGJiaQ5TWOhzu4iKEn0EmW4sGBYHhjDGnZr1/is1ufFfQiR90K6kyPsAPuDEB4PJnAGI7rEm7Pqveu6Yz+X/04YJSbfGkZaLSrAr2fgtYYq8bv/YElXrrx9eCgS8WW7QUHiXtZTpthzD/ylmDFFlWsExKBfAziWbhFydU5gIm9Ntqte88j4FdiH5v34xItuIHGhcM35V1tPP8qoInWSboyOMsJTXHXBK8jRCMgfa8DZe9SLGWl0ti70axmWP0MYeffg6V6NMRcQdmTMC1BDBU8EFQhT/yUC6xpis+K0QO9XnfQZiFFLNdzbLPowgD/jj+GSaCMJ9PXAIQoc7NJDyvnGBxhfr5WnhF80dapJZClW9urVBwgHXn5XBNKzXV2OoZ
Aozb5AksJnc/toNqFFRyel7QuQjMfsRis9ZFSlCgtQe4MGQ2hCO87HM1mY7BYOb91XT2+aKDqrlDzDNg5Rnabv+Z/IfJa2lP8U+72WdydPap+q3zVM4Ys8YRyq3vy9Koq96rGQDyaJPyzZzgr6j1km/nsquZyL9CvCTzetxeDSDwiNhXFN825K+Raz1tj850UHhn9ZAGAN+C43mxf4yRyTmxXL/O4P8EkttHpf0QpEZMDcJV5pY15/zfvUp+ecKwKmn0TPDhVtwBHhqn2NnTKtFhd4OJjsLNWJAkBeG9vTEKmNZZZDEPgfxrpZsTKrpWa8NbSNvMoocaUPiAZmJ5A+VLwXG+7J12N8LihGZqnzA8DDqqdHTkczPkpyBvMxp8mxqU0fWogz92R6mRKrs/jNze1na9pKgO15al8KqnGS2+QrEfj9zSuDdwR47tIKBaYBEbee/zB1/MroYfGDiejz4Qe5fYrpKKj5IjSRKjzAnf1W3kJ9EcglQiDagKbp+aSjcxh3ce562XZ8Jk6vUjfE4ylIo5sLwrrrWS87b5yMv+0pA9aUurwX6ryniRPK0pqPRjVy03DXKeNujYgKnhnOoVgNMDsfhWPqNrAWBt1jRYw/C+3NGQpiGiRKL6CZHvmcGrqvpOSagrIs3MDW+QyqldwLlkTK6dp/J9NUpdLZOLPnw+U8fvSkChDQ8eid2hHlVG4CwD+lJOcdqbqgR8ZHQyu3YjKTAL96mYlIfqNou/m5cVUfbFTDdEaq7duYLsKhvci0Zh+YaGl++YNjwnvV3/4SNe87+ji/wsZ2E70OkuNIQrvc4fGxgsGLkeFoFP1Zz9OBGwb6mhKGbcVCdUfDJklCC5WJ+qjTQE411y2f2j1co/PB7A0DOfFxkHsO3L95vNCfiuRQXtnZzu+myU2bWV4thl0EIPEXNeSDW3Oh2zj/aLCZievJn8WTEy5d/hnfc2NMOyUX5aJsFK6uz6IQeGJ0wLE6QShUnGj8wDrEzacz9LjRmAaaxzosI60Fb8O1X/VZJNcX+g2UMr5gvlIFSGYLu56k5UxxyDD+OHMMnyLKceQtcezR7roUc02TJ6YpZG1tmSbC40dgEoGr6ZdNlj33zhvcc/g==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion></samlp:Response>",
      "responseStatus": 500,
      "responseStatusText": "Internal Server Error",
      "responseHeaders": [
        [
          "Date",
          "Mon, 23 Nov 2015 13:21:56 GMT"
        ],
        [
          "Server",
          "Apache"
        ],
        [
          "Expires",
          "Thu, 19 Nov 1981 08:52:00 GMT"
        ],
        [
          "Cache-Control",
          "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
        ],
        [
          "Pragma",
          "no-cache"
        ],
        [
          "x-frame-options",
          "SAMEORIGIN"
        ],
        [
          "X-UA-Compatible",
          "IE=EmulateIE9"
        ],
        [
          "Vary",
          "Accept-Encoding"
        ],
        [
          "Content-Encoding",
          "gzip"
        ],
        [
          "Content-Length",
          "1752"
        ],
        [
          "Connection",
          "close"
        ],
        [
          "Content-Type",
          "text/html; charset=UTF-8"
        ]
      ],
      "id": 16
    },
Peter Schober

Nov 24, 2015, 2:27:10 PM
to SimpleSAMLphp
* alexey....@pool4tool.com <alexey....@pool4tool.com> [2015-11-24 17:46]:
> Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 1
> /var/www/html/modules/sso/lib/simplesamlphp/modules/saml/www/sp/saml2-acs.php:83
> (require)
> Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] 0
> /var/www/html/modules/sso/lib/simplesamlphp/www/module.php:135 (N/A)
> Nov 23 14:21:56 simplesamlphp ERROR [fff919a5b4] Error report with id
> 74daa19e generated.

If the signature validation fails at the ACS step then SimpleSAMLphp
(acting as SAML SP) wasn't able to validate the IDP's signature on the
SAML Response or Assertion.
I.e., either They're Doing It (the signing) Wrong, or the metadata you
have on record for their IDP is off (esp. the key therein).
The decoded and reformatted dump of their POST which you posted later
is useless for debugging signature errors.

But there's more than one error here and I haven't looked at that
sequence in any detail.

Also you didn't follow the installation instructions and seemingly
exposed your whole SSP installation on the web, which is insecure and
should be avoided.
(Note that if you do fix this, you'll need to supply all IDPs with
updated metadata, as all endpoints and possibly the auto-generated
entityID of your SP would change; another reason not to rely on
auto-generated entityIDs.)
-peter
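Added example, not part of the thread and not SimpleSAMLphp's own code: the two checks Peter's reply points at, in Python. First, the IdP certificate the SP has on record (the `certData` value in `metadata/saml20-idp-remote.php`) is compared with what the IdP currently publishes in its metadata (for ADFS, `FederationMetadata.xml`), telling the signing certificate apart from the encryption certificate, because copying the wrong one of ADFS's two token certificates, or a key rollover on the ADFS side, both end in exactly this "Unable to validate Signature". Second, the ACS URL from the `Destination` attribute in the dump above is inspected for the `/www/module.php` pattern that shows the whole checkout, not just its `www/` directory, sits under the web root. The metadata document below is a constructed sample whose certificate bodies are placeholder bytes rather than real X.509 certificates (the comparison is on the decoded bytes, so the technique is unchanged), and the entityID `http://adfs.example.com/adfs/services/trust` is an assumed value.

```python
import base64
import hashlib
import re
import urllib.parse
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample in the shape of an ADFS FederationMetadata.xml, cut down to
# the IdP role and its two KeyDescriptors. The certificate bodies are placeholder
# bytes, not real X.509 certificates; the entityID is an assumed example value.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.com/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        RU5DUllQVElPTi1DRVJULVBMQUNFSE9MREVS
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        U0lHTklORy1DRVJULVBMQUNFSE9MREVS
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def normalize_cert(blob):
    """Accept a PEM block or the bare base64 that SimpleSAMLphp's 'certData'
    option holds, and return the DER bytes so certificates compare byte-for-byte."""
    b64 = re.sub(r"-----(BEGIN|END)[^-]*-----", "", blob)
    return base64.b64decode("".join(b64.split()))


def published_certs(meta_xml, use):
    """DER bytes of every certificate the IdP publishes for `use` ("signing" or
    "encryption"). A KeyDescriptor without a use attribute is valid for both."""
    root = ET.fromstring(meta_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, use):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append(normalize_cert(cert.text or ""))
    return certs


def fingerprint(der, algo="sha1"):
    """Colon-separated fingerprint, the form 'certFingerprint' and most IdP admin
    UIs display, so the report names the key that is actually on record."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_idp_signing_cert(meta_xml, configured_blob, expected_entity_id=None):
    """Return (ok, reason). ok is True only if the certificate on record is one
    the IdP currently publishes for signing and, when given, the metadata
    entityID equals the Issuer the SP keys its remote-IdP entry on."""
    root = ET.fromstring(meta_xml)
    if expected_entity_id and root.get("entityID") != expected_entity_id:
        return False, "metadata entityID %r != Issuer %r on record" % (
            root.get("entityID"), expected_entity_id)
    der = normalize_cert(configured_blob)
    if der in published_certs(meta_xml, "signing"):
        return True, "configured certificate is a published signing certificate"
    if der in published_certs(meta_xml, "encryption"):
        return False, "configured certificate is the IdP's encryption certificate, not its signing one"
    return False, "certificate %s is not in the IdP metadata; key rolled over?" % fingerprint(der)


def exposed_install_root(acs_url):
    """With the documented install only www/ is published (normally as /simplesaml).
    If the ACS URL itself contains '/www/module.php', the whole checkout is under
    the web root and www/'s siblings (config/, metadata/, cert/) are reachable
    unless the web server is told otherwise. Returns that root URL, else None."""
    parts = urllib.parse.urlsplit(acs_url)
    i = parts.path.find("/www/module.php")
    if i < 0:
        return None
    return urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path[:i], "", ""))


if __name__ == "__main__":
    on_record = "U0lHTklORy1DRVJULVBMQUNFSE9MREVS"  # what saml20-idp-remote.php holds
    print(check_idp_signing_cert(SAMPLE_METADATA, on_record,
                                 "http://adfs.example.com/adfs/services/trust"))
    # the ACS URL from the Destination attribute in the dump above
    print(exposed_install_root("https://samldemo.mysite.com/modules/sso/lib/"
                               "simplesamlphp/www/module.php/saml/sp/saml2-acs.php/11"))
```

Run it against the real `FederationMetadata.xml` fetched from the ADFS host and the real `certData` string, and key the entityID check on the `Issuer` value from the response. Note also why the dump cannot show the signature problem: the `samlp:Response` in it carries no `Signature` element of its own, and the assertion sits inside `EncryptedAssertion`, so whatever signature the IdP placed on the assertion is only visible after the SP decrypts it with its own private key.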