Hi Manikumar,
Thanks for including the SAML response XML. The issue isn't with the certificate. Instead, the IdP's XML signature implementation is incorrect.
The SAML response ID is 5a2f63e1-284a-42c1-8403-b2365b64ebbe. The reference URI in the SAML response signature is 81715e6b-c9b3-4d89-b211-bb08d8252432. It should be 5a2f63e1-284a-42c1-8403-b2365b64ebbe. The SAML assertion ID is 81715e6b-c9b3-4d89-b211-bb08d8252432. They seemed to have mixed these up.
If instead they intended to sign the SAML assertion, the signature should be a child of the assertion, not the SAML response.
You should go back to them with this information and ask they correct their implementation.
The other thing to note is that they're using SHA-1. We support this but highly recommend using SHA-256 instead.
Regards ComponentSpace Development
|