Signature Invalid/Configured Certificate Mismatch for SSO with SFDC

Question

I did SSO of OpenAM and SalesForce.com (SFDC) I have installed OpenAM-Client SDK to retrieve SAML Assertion from OpenAM.

I used this assertion data to generate SAML response required for SalesForce. When I pass this data to SFDC. I got error message for SAML.

“Failed: Signature Invalid/Configured Certificate Mismatch”

I used same certificate and signature data which I got from OpenAM-client SDK public API assertion.

At time of SSO configuration with SDFC. I used default certificate (test cert) provided by OpenAM.

Is there any way to retrieve test certificate and its signature from OpenAM ?

score 3 · Accepted Answer · answered Feb 28 '12 at 22:38

3

Run one of the failing SAML assertions through the SAML Validation tool inside Single Sign-On Settings in SFDC; you should get a slightly more useful error. The most likely cause of this is that you have not uploaded the correct certificate to SFDC as part of your SSO setup. Make sure the "Identity Provider Certificate" section of "Single Sign-On Settings" matches the cert contained in the assertion.

answered Feb 28 '12 at 22:38

jkraybill

3,339
27
32

Thanks for your reply. I used Assertion API and then its get validate properly. – Deepak Mule Mar 05 '12 at 06:17

Signature Invalid/Configured Certificate Mismatch for SSO with SFDC

1 Answers1