This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
3739members
1219posts

403 Error Encountered When Attempting to Log into Invoca Via SAML/SSO: Invalid Signature on SAML Response

InvocaKnowledge
Community Manager
Community Manager

on ‎08-24-2023 01:59 PM

Symptoms

  • User sees a 403 error when attempting to log into the Invoca platform via SAML/SSO.
  • The error message included with the SAML response read, "Invalid Signature on SAML Response," and the customer's x509 certificate was not included in their SAML response (SSO debugger needed to read error message).rtaImage.jpeg

Applies To

  • SAML/SSO integration
  • Customers who are implementing the Invoca SAML/SSO integration

Resolution

  1. Open your config settings for your Identity Provider. The customer in this instance uses RSA SecurID.
  2. Locate the setting that determines whether the Certificate included in the outgoing assertion. 
  3. If that setting is not enabled, enable it.
  4. Attempt to login again.

Cause

The customer did not have the setting enabled in their Identity Provider that dictated whether their x509 certificate is sent to the Service Provider (Invoca) in their SAML response.

Additional Information

If this solution does not solve the issue, see additional solutions for SAML/SSO 403 errors:
0 Kudos
Need more help?

Don't see what you are looking for? You can ask the Community or contact support.

Copyright © 2024 Khoros, LLC