Description: This article describes how to fix the 'Signature validation failed. SAML Response rejected' error.
Scope: FortiAuthenticator 6.X.
Solution:
In the event log, the error message looks like this:
date=2022-05-11 time=10:53:24+0000 oid=2873 logid=50006 cat="Event" subcat="User Portal" level="information" nas="" action="Login" status="Failed" msg="SAML user authentication failed: invalid_response(Signature validation failed. SAML Response rejected)" user="[Unknown]"
This is most likely caused by a certificate mismatch: the signing certificate FortiAuthenticator holds for the IDP no longer matches the one the IDP uses to sign the SAML Response. Take as an example the following setup: FortiAuthenticator is the IDP proxy and Azure is the IDP.
To resolve it, there are 2 options:
1) Import into the FortiAuthenticator the Azure .xml config file, which includes the correct cert. In the Azure portal, navigate to the Single Sign-On with SAML app, SAML Signing Certificate, Federation Metadata XML, Download.
2) If an .xml config file is unavailable, the cert from Azure/IDP on its own will do. In the Azure portal, navigate to the Single Sign-On with SAML app, SAML Signing Certificate, Certificate (Base64), Download.
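Before re-importing, it can help to confirm that the mismatch is really the cause. The following added example (not Fortinet's code, and not part of this article) reads the IDP signing certificate(s) out of a Federation Metadata XML file, or a Certificate (Base64)/PEM download, and compares their SHA-256 fingerprints with the certificate currently configured on the proxy; the metadata document and certificate bytes below are constructed placeholders, and the function names are the example's own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_from_base64_text(text: str) -> bytes:
    """Decode raw Base64 or PEM (Azure 'Certificate (Base64)' download) to DER."""
    body = "".join(s for s in (ln.strip() for ln in text.splitlines())
                   if s and not s.startswith("-----"))
    return base64.b64decode(body)

def signing_certs_from_metadata(metadata_xml: str) -> list[bytes]:
    """DER bytes of every IdP signing cert in federation metadata XML."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing too.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append(der_from_base64_text(node.text or ""))
    return certs

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def check_idp_cert(metadata_xml: str, configured_cert_text: str) -> dict:
    """Compare the cert configured on the SP/proxy with the IdP's current
    signing cert(s); a mismatch is what produces the log entry above."""
    expected = {fingerprint(c) for c in signing_certs_from_metadata(metadata_xml)}
    configured = fingerprint(der_from_base64_text(configured_cert_text))
    return {"match": configured in expected,
            "configured": configured, "expected": sorted(expected)}

# Constructed sample data: placeholder bytes, not real certificates.
CURRENT_CERT = base64.b64encode(b"CONSTRUCTED-AZURE-SIGNING-CERT-NEW").decode()
STALE_CERT = base64.b64encode(b"CONSTRUCTED-CERT-STILL-ON-PROXY").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://example.invalid/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{CURRENT_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_cert(SAMPLE_METADATA, STALE_CERT))  # match: False
```

If "match" is False, the proxy still trusts an old signing certificate and either import option above will resolve it; if it is True, the failure has another cause and the certificate is not the problem.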
Copyright 2024 Fortinet, Inc. All Rights Reserved.