Problem: The SAML response contained a invalid signature: Failed to verify signature

saml
sso

#1

Problem:

You cannot login via UMC, you get the following error message.
The SAML response contained a invalid signature: Failed to verify signature

Die Anfrage konnte nicht ausgeführt werden.
The SAML response contained a invalid signature: Failed to verify signature

Issue:

Maybe you reset the certificates here:

ucr set saml/idp/certificate/privatekey="/etc/simplesamlphp/ucs-master.schein.ig-idp-certificate.crt"
ucr set saml/idp/certificate/certificate="/etc/simplesamlphp/ucs-master.schein.ig-idp-certificate.crt"

The certificate shown here
https://ucs-sso.schein.ig/simplesamlphp/saml2/idp/metadata.php
is not the same as in /etc/simplesamlphp/

Solution

You have also to force-reexecute the joinscript 92univention-management-console-web-server.inst.
You can do this either via the UMC module "domain join’ or via the CLI:

univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server.inst

closed #2