Identity Federation SSO Fails With "Signature verification failed for provider ID ..." (Doc ID 2032605.1)

Last updated on MARCH 14, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.5.0 and later
Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Note: the error "Signature verification failed for provider ID" may also occur where OAM is configured as the Identity Provider with a 3rd party Service Provider that performs SP-initiated SSO and signs the SAML authentication request sent to the OAM IdP.

It can occur with OAM 11gR2 and OIF 11gR1.

The same solution applies.


Oracle Access Manager (OAM) 11.1.2.x has been configured as a Service Provider (SP) with a 3rd party Identity Provider (IdP).

SSO between the sites is failing and the OAM System Error page is displayed.

The OAM log file shows errors that indicate that OAM is unable to verify the signature of the SAML message from the IdP:


Steps to reproduce

1. Access the IdP site and log in to the IdP domain.
2. Click on a link that triggers IdP-initiated SSO to a site in the OAM SP domain.
3. The OAM System Error page is displayed.


Cause
