
Problem

Browser or log shows error: Ticket validation error: Invalid Property: AuthnRequest: Signature: REQUESTER

Solution

A Service Provider is attempting to request authentication using an unsigned SAML message. First consider whether this is desirable: AuthnRequests are typically signed to ensure the sender is legitimate. Request that the SP enable AuthnRequest signing.

If the SP cannot comply, you can forcibly disable rejection of unsigned messages by adding the following option to the agent configuration in the Ubisecure SSO Management application.

Compatibility Flags: AuthnRequestValidate

After pressing Update, disable and re-enable the application to ensure the configuration is made active.

For a SAML service provider to send an unsigned request, the SP metadata must not contain a signing key.

If the following error occurs

com.ubisecure.saml2.core.SAMLValidationException: Invalid property: AuthnRequest: Signature: urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:RequestDenied

verify that the service metadata has no <KeyDescriptor use="signing"> element. If one is found, redact the signing key and activate the service provider again by uploading the redacted metadata.
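
The metadata check and redaction described above can be scripted before upload. The following is an added example, not Ubisecure's own code; the entity ID, certificates and function names are constructed for illustration. It also reports two conditions the page does not cover: signed metadata, and a KeyDescriptor with no `use` attribute, which the SAML 2.0 metadata specification treats as valid for both signing and encryption (how Ubisecure SSO handles such a descriptor is not stated here).

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample SP metadata: hypothetical entityID, placeholder certificates.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-SIGNING</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-ENCRYPTION</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def redact_signing_keys(metadata_xml):
    """Remove <KeyDescriptor use="signing"> from each SPSSODescriptor.

    Returns (redacted_xml, warnings). Nothing else is modified; conditions
    that need a human decision are reported as warnings instead.
    """
    root = ET.fromstring(metadata_xml)
    warnings = []
    if root.find(f"{{{DS}}}Signature") is not None:
        warnings.append("metadata is signed; editing invalidates the signature")
    for sp in root.iter(f"{{{MD}}}SPSSODescriptor"):
        if sp.get("AuthnRequestsSigned", "false") in ("true", "1"):
            warnings.append("AuthnRequestsSigned is true; SP declares signed requests")
        for kd in list(sp.findall(f"{{{MD}}}KeyDescriptor")):
            use = kd.get("use")
            if use == "signing":
                sp.remove(kd)
            elif use is None:
                # SAML metadata: no 'use' means the key serves signing AND encryption
                warnings.append("KeyDescriptor without 'use' also acts as a signing key")
    return ET.tostring(root, encoding="unicode"), warnings


def has_signing_key(metadata_xml):
    """True if any KeyDescriptor usable for signing remains (use="signing" or no use)."""
    root = ET.fromstring(metadata_xml)
    return any(kd.get("use") in (None, "signing")
               for kd in root.iter(f"{{{MD}}}KeyDescriptor"))
```

A non-empty warnings list means the redacted file should be reviewed by hand before it is uploaded.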


