SSO Troubleshooting: SAML Response StatusMessage of Signature required

Error Message

During SSO, with a PingFederate identity provider, single sign-on fails. Upon inspecting the code in the SAML Response, you see the following code:

<samlp:Status>
   <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />
   <samlp:StatusMessage>Signature required</samlp:StatusMessage>
</samlp:Status>

Resolution

When creating a service provider for Foundry in PingFederate, set “Require digitally signed AuthN requests” to false to resolve this error.

Additional Resources

SPs may send signed SAML messages that require an IDP to have a signature verification certificate | PingFederate

EVERFI does not know why PingFederate responds with this error because Foundry does sign its AuthNRequest but clients report that changing this setting solves the problem.

SSO Troubleshooting: SAML Response StatusMessage of Signature required

Learn how to troubleshoot this error.

Error Message

Resolution

Additional Resources