ADFS - Getting 'SAML message has wrong signature' when sending request for SLO

  • Question

  • Hi,

    We are trying to implement SAML authentication in our application with ADFS as the identity provider. SSO is working fine, but when we send a logout request from our application, we always get 'SAML message has wrong signature'.

    We are passing a signed logout request (see below) to ADFS and have also configured all necessary settings (SP certificate etc.) in ADFS.

     <samlp:LogoutRequest xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2f10ed22-befb-4502-9225-66e1b5eba6d7" Version="2.0" IssueInstant="2016-07-22T21:43:05Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
             <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">#VALID_ISSUER</Issuer>
            <NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion">#VALID_NAMEID</NameID>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <SignedInfo>
                            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
                            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                            <Reference URI="">
                                 <Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms>
                                 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                 <DigestValue>LGND9p8lIPecSJeh/aj7z13KoxA=</DigestValue>
                            </Reference>
                     </SignedInfo>
            <SignatureValue>          #VALID_SIGNATUREVALUE
            </SignatureValue>
         </Signature></samlp:LogoutRequest>
    

    Let me know if there is something wrong with logout request.

    Thanks,               
    Mitesh

    Friday, July 22, 2016 2:57 PM
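
An added example, not part of the original post: a structural lint of a signed LogoutRequest against SAML 2.0 core and bindings rules (child element order, the Reference URI, canonicalization, Destination, stray attributes), run on a constructed message with the same shape as the one posted. The function name `lint_logout_request`, the finding labels and all sample values are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample with the same shape as the posted request (placeholder values).
SAMPLE = f"""<samlp:LogoutRequest xmlns:samlp="{P}" ID="_example-id" Version="2.0"
    IssueInstant="2016-07-22T21:43:05Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
  <Issuer xmlns="{A}">https://sp.example.test</Issuer>
  <NameID xmlns="{A}">user@example.test</NameID>
  <Signature xmlns="{DS}"><SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="{DS}rsa-sha1"/>
    <Reference URI=""><DigestMethod Algorithm="{DS}sha1"/><DigestValue>AAAA</DigestValue></Reference>
  </SignedInfo><SignatureValue>AAAA</SignatureValue></Signature>
</samlp:LogoutRequest>"""

def lint_logout_request(xml_text):
    """Return a list of structural findings for a signed SAML 2.0 LogoutRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{P}}}LogoutRequest":
        return ["root element is not samlp:LogoutRequest"]
    children = [c.tag for c in root]
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return ["no enveloped ds:Signature found"]
    findings = []
    # Schema order: Issuer, ds:Signature, Extensions, then NameID and SessionIndex.
    if children.index(f"{{{DS}}}Signature") != 1 or children[0] != f"{{{A}}}Issuer":
        findings.append("signature-position")
    # SAML core 5.4.2: the single Reference must point at the root element's ID.
    ref = sig.find(f".//{{{DS}}}Reference")
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        findings.append("reference-uri")
    # SAML core recommends exclusive canonicalization (with or without comments).
    c14n = sig.find(f".//{{{DS}}}CanonicalizationMethod")
    if c14n is None or not c14n.get("Algorithm", "").startswith(EXC_C14N):
        findings.append("canonicalization-not-exclusive")
    # Signed messages on front-channel bindings must carry a Destination attribute.
    if not root.get("Destination"):
        findings.append("missing-destination")
    # ProtocolBinding is defined on AuthnRequest, not on LogoutRequest.
    if "ProtocolBinding" in root.attrib:
        findings.append("unexpected-protocolbinding-attribute")
    return findings
```

For the HTTP-Redirect binding named in the post, SAML 2.0 Bindings carries the signature in the `SigAlg` and `Signature` query parameters rather than in an enveloped `ds:Signature`.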