+ Start a Discussion
SoleesSolees 

SSO SAML2 Issue "Failed: Signature Invalid"

Hello friends, we are having an issue with a customer with the SSO and his ADFS. We have uploaded correctly their certificate and metadata and we are getting the following error "Failed: Signature Invalid" but we don't know how to fix it.  We have tried changing our side and their side with no success. Please help us understand the issue.

This is the result the I have right now:
Results
Last recorded SAML login failure:  2016-04-20T21:56:33.750Z
Unexpected Exceptions
  Ok
1. Validating the Status
  Ok
2. Looking for an Authentication Statement
  Ok
3. Looking for a Conditions statement
  Ok
4. Checking that the timestamps in the assertion are valid
  Current time is after notOnOrAfter in Conditions
  Current time is: 2016-04-20T22:09:14.847Z
  Time limit in Conditions, adjusted for skew, is: 2016-04-20T22:04:34.275Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2016-04-20T22:09:14.847Z
  Timestamp is: 2016-04-20T21:56:34.275Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2016-04-20T22:09:14.847Z
  Timestamp is: 2016-04-20T21:56:34.275Z
  Allowed skew in milliseconds is 480000
5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  Ok
7. Confirming Issuer matches
  Ok
8. Confirming a Subject Confirmation was provided and contains valid timestamps
  Ok
9. Checking that the Audience matches
  Ok
10. Checking the Recipient
  Ok
  Organization Id that we expected: 00DR0000001unHb
  Organization Id that we found based on your assertion: 00DR0000001unHb
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  The reference in the assertion signature is valid
  Signature or certificate problems
  The signature in the assertion is not valid
  Is the correct certificate supplied in the keyinfo? false
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
  Ok
14. Checking if session security level is valid, if provided
  Ok
Best Answer chosen by Solees
SoleesSolees
Here is the answer

https://developer.salesforce.com/forums/ForumsMain?id=906F0000000fy9yIAA