Error validating saml response
28-Sep-2020 06:09
What this means is that either the SAML response or SAML assertion must be signed. If the SAML response is signed and WantSAMLResponseSigned is false but WantAssertionOrResponseSigned is true, we attempt to verify the SAML response signature and throw the exception you see if this fails.
Their complaint is that they can change the email address in the response after signing it and that it will still pass the validation, which it shouldn't. Is there a flag that we need to set in the config to validate the signature properly? If you change the CMS entry page to make it private by setting Determine if the relay state is passed out to the IdP and then passed back during authentication.
You can do this with a browser capable of saving HTTP request headers and POST info, such as Chrome with its built-in developer tools, or Firefox with the add-on called HTTPfox.
However, this flag appears just to assert that the response is signed, not whether the signature is valid. ReceiveSsoAsync() call would automatically verify the signature using the provided PartnerCertificate if the response is signed, whether or not that flag is set.