Problem
Browser or log shows error: Ticket validation error: Invalid Property: AuthnRequest: Signature: REQUESTER
Solution
A Service Provider is attempting to request authentication using an unsigned SAML message. First consider whether this is desirable: AuthnRequests are typically signed to ensure the sender is legitimate. Request that the SP enable AuthnRequest signing.
If the SP cannot comply, you can forcibly disable rejection of unsigned messages by adding the following option to the agent configuration in the Ubisecure SSO Management application.
Compatibility Flags: AuthnRequestValidate
After pressing Update, disable and re-enable the application to ensure the configuration is made active.
For a SAML service provider to send an unsigned request, the SP metadata must not contain a signing key.
If the following error occurs
com.ubisecure.saml2.core.SAMLValidationException: Invalid property: AuthnRequest: Signature: urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:RequestDenied
verify that the service metadata has no <KeyDescriptor use="signing"> element. If one is found, redact the signing key and activate the service provider again by uploading the redacted metadata.
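One way to run the metadata check described above before uploading, as an added example that is not Ubisecure code. The function name, entityIDs and sample metadata are constructed for illustration. It also flags a KeyDescriptor with no use attribute, which the SAML metadata specification treats as valid for both signing and encryption; that Ubisecure SSO handles such a key the same way is an assumption.

```python
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: entityIDs are placeholders and KeyInfo is left empty.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://sp1.example.com/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
      <md:KeyDescriptor use="encryption"><ds:KeyInfo/></md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.com/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor><ds:KeyInfo/></md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp3.example.com/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="encryption"><ds:KeyInfo/></md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def signing_key_findings(metadata_xml):
    """Return (entityID, reason) for every SP KeyDescriptor usable for signing."""
    root = ET.fromstring(metadata_xml)
    findings = []
    # iter() includes the root, so a single EntityDescriptor document also works.
    for entity in root.iter(MD + "EntityDescriptor"):
        entity_id = entity.get("entityID", "<no entityID>")
        for sp in entity.iter(MD + "SPSSODescriptor"):
            for kd in sp.findall(MD + "KeyDescriptor"):
                use = kd.get("use")
                if use == "signing":
                    findings.append((entity_id, 'use="signing"'))
                elif use is None:
                    # SAML metadata: no use attribute means signing AND encryption.
                    findings.append((entity_id, "no use attribute"))
    return findings


if __name__ == "__main__":
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for entity_id, reason in signing_key_findings(xml_text):
        print(f"{entity_id}: signing key still present (KeyDescriptor with {reason})")
```

An empty result means the metadata declares no signing key for any SP in the file; encryption-only KeyDescriptor elements are left alone.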