tngan / samlify

Node.js library for SAML SSO
https://samlify.js.org
MIT License

ERR_FAILED_TO_VERIFY_SIGNATURE when parsing SAML response #459

Open DrJest opened 2 years ago

DrJest commented 2 years ago

Hi, I'm trying to build an SP on top of samlify. Everything works fine until I get the response from the IDP. Then I get ERR_FAILED_TO_VERIFY_SIGNATURE. I tried to verify the signature with parseLoginResponse and with sig.checkSignature of xml-crypto, but both of them give an invalid signature. But, by copy-pasting the response from the console to https://www.samltool.com/validate_response.php I get a valid response. Both the response and the assertion are signed. I guess that might be the problem? [two screenshots attached]

tngan commented 2 years ago

@DrJest Here is the example for working with signed message + signed assertion.

If you don't mind sharing the response (taking out the sensitive information), send it to lockgate@protonmail.com.

https://github.com/tngan/samlify/blob/9a56afda0d3baf0d2f0eac6ae60d88ba3cbc77c9/test/flow.ts#L736-L750

Sf-Skaylink commented 1 year ago

Hey @tngan and @DrJest, I have the same problem, could you find a solution? Interestingly, I use the Chrome extension SAML-tracer and I'm definitely getting a correct SAML response incl. bearer token back. I just can't use it because parseLoginResponse fails due to the error.

liviu-gheorghe commented 3 months ago

Same problem here, can anyone help?

lorenzo-polaris commented 2 months ago

Same problem here, I solved it by changing the IDP messageSigningOrder