SAML SSO Error: Signature validation failed

When setting up SAML single sign-on (SSO), you may encounter the following error: "Signature validation failed. SAML Response rejected".

This indicates one of two things:

  • You may not have entered the certificate correctly in the Semgrep SSO settings. Verify that the signature there matches the one provided by your IdP.
  • Your certificate may have a problem, such as being outside its validity dates. Inspect the signature information for the certificate you uploaded to Semgrep AppSec Platform and ensure it is valid.

If your certificate file is stored as server.crt, you can view the signature information on the command line using:

openssl x509 -in server.crt -text -noout

Check information such as:

  • Certificate authority or Issuer
  • Validity dates
  • Signature algorithm and value
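
The expiry check and the comparison against the IdP's certificate can be scripted before uploading. This is an added example, not part of Semgrep's documentation or tooling: it reports whether a certificate is unreadable, expired or close to expiry, and compares two certificate files by SHA-256 fingerprint. The file names and the 30-day warning window are assumptions, and it does not detect a certificate whose validity period has not started yet.

```shell
#!/bin/sh
# Added example (not Semgrep's code): pre-upload checks for an IdP signing certificate.
# File names and the 30-day default warning window are assumptions.

# Print the SHA-256 fingerprint of a PEM certificate (empty output if unreadable).
# The fingerprint covers the DER encoding, so extra text or different line
# wrapping around the PEM block does not change it.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print "unreadable", "expired", "expiring" or "ok" for a PEM certificate.
# $2 is the warning window in days (default 30).
cert_status() {
    window_days=${2:-30}
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo expired; return; }
    openssl x509 -in "$1" -noout -checkend $((window_days * 86400)) >/dev/null 2>&1 \
        || { echo expiring; return; }
    echo ok
}

# Print "match" if both files hold the same certificate, otherwise "mismatch".
same_cert() {
    a=$(cert_fingerprint "$1")
    b=$(cert_fingerprint "$2")
    if [ -n "$a" ] && [ "$a" = "$b" ]; then echo match; else echo mismatch; fi
}

# Usage: sh check_cert.sh idp.crt uploaded.crt
if [ "$#" -eq 2 ]; then
    echo "IdP certificate:      $(cert_status "$1")  $(cert_fingerprint "$1")"
    echo "Uploaded certificate: $(cert_status "$2")  $(cert_fingerprint "$2")"
    echo "Comparison:           $(same_cert "$1" "$2")"
fi
```

A "mismatch" result points to the first cause listed above (the wrong certificate was entered); "expired" points to the second.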

Address any problems with the certificate. Then, upload the resulting certificate to Semgrep AppSec Platform:

  1. Sign in to Semgrep AppSec Platform.
  2. Click Settings > Access > SSO.
  3. In the Upload/Paste certificate box, add the correct certificate.
  4. Click Save.

After updating the settings, attempt a new SSO login.