During SAML integration with SSC, the following error is received: /saml/SSO/alias/fortify_ssc [WARN] org.apache.xml.security.signature.XMLSignature - Signature verification failed
Fortify Software Security Center
Fortify Software Security Center (SSC) 22.2.x
The following SAML errors are written to the ssc.log for a SAML integration with Azure Active Directory and SSC:
/saml/SSO/alias/fortify_ssc [WARN] org.apache.xml.security.signature.XMLSignature - Signature verification failed. /saml/SSO/alias/fortify_ssc [DEBUG] org.springframework.security.saml.websso.WebSSOProfileConsumerImpl - Validation of authentication statement in assertion failed, skipping org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid
The IdP (Azure) signing certificate changed, but the Azure federated metadata was not updated in SSC.
Go to Azure IdP and download the current Azure federated metadata.
Replace them in SSC (Refer to "IdP metadata location" in SSO configuration).
Restart SSC to apply the changes and try login again.