Ticket validation error: SignatureValidator: RequestDenied: Signature: KeyInfo contains unknown public key
Problem
Ticket validation errors are observed while accessing a SAML Service Provider (SP) application.
Symptoms
The following errors are observed in the SSO diag logs:
SSO diag logs
protocol.TicketProtocolException - - - Ticket validation error
Caused - - - by: com.ubisecure.saml2.core.SAMLValidationException: SignatureValidator: urn:oasis:names:tc:SAML:2.0:status:Requester, urn:oasis:names:tc:SAML:2.0:status:RequestDenied
Caused - - - by: com.ubisecure.saml.core.SignatureIntegrityException: Signature: KeyInfo contains unknown public key.
Solution
This error occurs because of certificate changes or certificate expiry at the Service Provider end.
Check the validity of the certificate at the Service Provider end.
If the certificate has been updated or renewed at their end, you need to update the SP metadata (containing the new certificate) in the SSO Management UI.
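One way to confirm the mismatch before updating the metadata, as an added example that is not part of the original article or of Ubisecure SSO: the Python script below compares the certificates in the ds:KeyInfo of a signed SAML message with the signing certificates in the SP metadata that is currently registered. The function names and the sample XML are constructed for illustration, and it assumes the SP embeds its certificate in the message signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(b64_cert):
    """SHA-256 hex digest of the DER bytes inside a ds:X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def certs_under(elem):
    return {fingerprint(c.text) for c in elem.iter("{%s}X509Certificate" % DS)}

def metadata_signing_certs(metadata_xml):
    """Certificates the registered SP metadata declares for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute covers signing too
            found |= certs_under(kd)
    return found

def message_keyinfo_certs(message_xml):
    """Certificates carried in ds:KeyInfo of the signed SAML message."""
    found = set()
    for ki in ET.fromstring(message_xml).iter("{%s}KeyInfo" % DS):
        found |= certs_under(ki)
    return found

def unknown_keyinfo_certs(metadata_xml, message_xml):
    """Fingerprints in the message that the registered metadata does not list.
    Whole certificates are compared, so a reissue over the same key pair also shows up."""
    return message_keyinfo_certs(message_xml) - metadata_signing_certs(metadata_xml)

# Constructed placeholders, not real certificates: only their bytes are hashed.
OLD = base64.b64encode(b"constructed placeholder: old SP certificate").decode()
NEW = base64.b64encode(b"constructed placeholder: renewed SP certificate").decode()
KEYINFO = ('<ds:KeyInfo xmlns:ds="' + DS + '"><ds:X509Data><ds:X509Certificate>%s'
           '</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

def sample_metadata(cert):  # constructed SP metadata
    return ('<md:EntityDescriptor xmlns:md="%s" entityID="https://sp.example.test">'
            '<md:SPSSODescriptor><md:KeyDescriptor use="signing">%s</md:KeyDescriptor>'
            '</md:SPSSODescriptor></md:EntityDescriptor>') % (MD, KEYINFO % cert)

def sample_request(cert):  # constructed signed AuthnRequest (signature value omitted)
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:ds="%s"><ds:Signature>%s</ds:Signature></samlp:AuthnRequest>'
            % (DS, KEYINFO % cert))

if __name__ == "__main__":
    print("stale metadata:", unknown_keyinfo_certs(sample_metadata(OLD), sample_request(NEW)))
    print("after update:  ", unknown_keyinfo_certs(sample_metadata(NEW), sample_request(NEW)))
```

A non-empty result means the message is signed with a certificate the registered metadata does not contain, which matches the state described in the Solution above.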