MSIS0038: SAML Message has wrong signature - ADFS error

余生颓废 submitted on 2019-12-11 02:41:21

Question


I was getting this strange error in Windows Server 2012 even after installing the right Signature certificates for SP in ADFS. The error log shows something like this:

The Federation Service encountered an error while processing the SAML authentication request. 

Additional Data 
Exception details: 
System.IdentityModel.SignatureVerificationFailedException: MSIS0038: SAML Message has wrong signature. Issuer: 'XXX-XXX-XX'.
   at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
   at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.Issue(IssueRequest issueRequest)
   at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)

Answer 1:


After several hours of unproductive debugging I found that this is a known ADFS issue and has nothing to do with the validity of certificates, thumbprints, etc.

Microsoft has provided the below update to rectify this issue.

KB2896713

This issue occurs if the system has security update 2843639 installed on Windows 2012 Server.
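
A way to check a server for the condition described above, as an added example that is not part of the original answer: it compares the installed updates against the two KB numbers named in the answer and counts recent MSIS0038 events per issuer. The function name, the seven-day window and the `AD FS/Admin` log name are assumptions about the environment.

```powershell
# Added example, not from the original post. KB numbers are the two named in the answer.
$TriggerKb = 'KB2843639'   # security update the answer says triggers the error
$FixKb     = 'KB2896713'   # update the answer says rectifies it

function Get-Msis0038PatchState {
    # Hypothetical helper: classifies a list of installed hotfix IDs.
    param([string[]]$InstalledKbs)
    $hasTrigger = $InstalledKbs -contains $TriggerKb
    $hasFix     = $InstalledKbs -contains $FixKb
    if ($hasFix)         { return 'Fixed' }
    elseif ($hasTrigger) { return 'Affected' }
    else                 { return 'NotApplicable' }
}

# Get-HotFix reads Win32_QuickFixEngineering; updates installed by other means may not be listed.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty HotFixID)
$state = Get-Msis0038PatchState -InstalledKbs $installed

# Pull the last 7 days of AD FS admin events and keep the MSIS0038 ones.
# Assumption: the events are written to the 'AD FS/Admin' log on this server.
$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'AD FS/Admin'
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'MSIS0038' })

# The message format shown in the question carries the issuer as: Issuer: '<name>'.
$byIssuer = $events | ForEach-Object {
    if ($_.Message -match "Issuer: '([^']+)'") { $Matches[1] } else { '(unknown)' }
} | Group-Object | Select-Object Name, Count

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    PatchState     = $state            # 'Affected' = trigger KB present, fix KB absent
    Msis0038Events = $events.Count
    ByIssuer       = $byIssuer
}
# If PatchState is not 'Affected' but MSIS0038 events keep appearing,
# this patch interaction is not the explanation for them.
```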



Source: https://stackoverflow.com/questions/24900719/msis0038-saml-message-has-wrong-signature-adfs-error
