Identity Federation SSO Fails With "Signature verification failed for provider ID ..."
Last updated on MARCH 14, 2017
Applies to: Oracle Identity Federation - Version 22.214.171.124.0 and later
Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
It can occur with OAM 11gR2 and OIF 11gR1.
The same solution applies.
Oracle Access Manager (OAM) 11.1.2.x has been configured as a Service Provider (SP) with a 3rd party Identity Provider (IdP).
SSO between the sites is failing, and the OAM System Error page is displayed.
The OAM log file shows errors that indicate that OAM is unable to verify the signature of the SAML message from the IdP:
Steps to reproduce
1. Access the IdP site and log in to the IdP domain.
2. Click on a link that triggers IdP-initiated SSO to a site in the OAM SP domain.
3. The OAM System Error page is displayed.