Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
During SAML integration with SSC, the following error is received: /saml/SSO/alias/fortify_ssc [WARN] org.apache.xml.security.signature.XMLSignature - Signature verification failed
Products
Fortify Software Security Center
Environment
Fortify Software Security Center (SSC) 22.2.x
Situation
The following SAML errors are written to the ssc.log for a SAML integration with Azure Active Directory and SSC:
/saml/SSO/alias/fortify_ssc [WARN] org.apache.xml.security.signature.XMLSignature - Signature verification failed. /saml/SSO/alias/fortify_ssc [DEBUG] org.springframework.security.saml.websso.WebSSOProfileConsumerImpl - Validation of authentication statement in assertion failed, skipping org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid
Cause
The IdP (Azure) signing certificate changed, but the Azure federated metadata was not updated in SSC.
Resolution
Go to Azure IdP and download the current Azure federated metadata.
Replace them in SSC (Refer to "IdP metadata location" in SSO configuration).
Restart SSC to apply the changes and try login again.
URL Name
KM000017194