5

I'm configuring a Service Provider to connect to ADFS, and looking up the error we get says:

The Federation Service encountered an error while processing the SAML authentication request.

Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0037: No signature verification certificate found for issuer 'myapp.domain.com'.
at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.Issue(IssueRequest issueRequest)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)

I'm just the client / SP, I don't have access to the ADFS server, it's managed by a different company, in a different country. So, like Jon Snow, I know nothing.

The internet seems to suggest that perhaps these two Microsoft KBs might be relevant:

  • KB2843638 (a security update that causes an issue)
  • KB2896713 (a follow-up patch)

Is the metadata not trusted by the IDP, or would that be a different issue?

Peter Dietz

1 Answer

0

I have seen this error when the request and the Relying Party identifier registration on ADFS (2.1) did not match in casing. For instance, the error would occur if the request said: urn:MyRPId and the ADFS registration was urn:myrpid.
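
A way to check this from the SP side without access to the ADFS server, added here as an example and not part of the answer above: decode the SAMLRequest your SP sends, read its Issuer, and compare it byte for byte with the identifier the IdP operator says is registered. It assumes the HTTP-Redirect binding (base64 plus raw DEFLATE); the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect_request(saml_request: str) -> str:
    """Undo the HTTP-Redirect binding encoding: base64, then raw DEFLATE."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode("utf-8")

def extract_issuer(authn_request_xml: str) -> str:
    """Return the text of <saml:Issuer> from an AuthnRequest."""
    issuer = ET.fromstring(authn_request_xml).find(f"{{{SAML_NS}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest carries no Issuer element")
    return issuer.text.strip()

def compare_identifier(issuer: str, registered_id: str) -> str:
    """Classify how the request's Issuer relates to the registered identifier."""
    if issuer == registered_id:
        return "match"
    if issuer.casefold() == registered_id.casefold():
        return "case-mismatch"  # the situation described in the answer
    return "mismatch"

def constructed_request(issuer: str) -> str:
    """Build a sample SAMLRequest value (constructed test data, not a capture)."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()

def diagnose(saml_request: str, registered_id: str) -> tuple:
    """Decode a SAMLRequest and report its Issuer and how it compares."""
    issuer = extract_issuer(decode_redirect_request(saml_request))
    return issuer, compare_identifier(issuer, registered_id)

if __name__ == "__main__":
    # urn:MyRPId / urn:myrpid are the identifiers used in the answer above.
    print(diagnose(constructed_request("urn:MyRPId"), "urn:myrpid"))
```

The SAMLRequest value can be copied from the query string of the redirect to ADFS in the browser's network tab, after URL-decoding it.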