SSO Troubleshooting: SAML Response Status Message of Signature required
Learn what to do if you receive this error
Error Message
During SSO with a PingFederate identity provider, single sign-on fails. When you inspect the SAML Response, you see the following status:
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />
<samlp:StatusMessage>Signature required</samlp:StatusMessage>
</samlp:Status>
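To confirm that a captured response carries this exact status, the following added example (not Everfi or PingFederate code) decodes a SAMLResponse value and extracts its status codes and message. The function names and the sample response are constructed for illustration, and the input is assumed to be the base64 form value from an HTTP-POST binding, already URL-decoded.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"samlp": SAMLP}


def saml_status(saml_response_b64):
    """Return (status_codes, status_message) from a base64 SAMLResponse value."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A captured response is still untrusted input: reject any DTD before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("no samlp:Status element found")
    # StatusCode elements can nest (top-level code plus a more specific sub-code).
    codes = [el.get("Value") for el in status.iter("{%s}StatusCode" % SAMLP)]
    message = status.findtext("samlp:StatusMessage", default="", namespaces=NS)
    return codes, message.strip()


def is_signature_required_error(codes, message):
    """True when the response matches the error shown on this page."""
    return (
        bool(codes)
        and codes[0] == "urn:oasis:names:tc:SAML:2.0:status:Requester"
        and message == "Signature required"
    )


# Constructed sample: a minimal Response wrapping the Status block shown above.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    "<samlp:Status>"
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />'
    "<samlp:StatusMessage>Signature required</samlp:StatusMessage>"
    "</samlp:Status>"
    "</samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    codes, message = saml_status(SAMPLE_B64)
    print(codes, message, is_signature_required_error(codes, message))
```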
Resolution
When creating a service provider for Foundry in PingFederate, set “Require digitally signed AuthN requests” to false to resolve this error.
Additional Resources
SPs may send signed SAML messages that require an IDP to have a signature verification certificate | PingFederate
Everfi does not know why PingFederate responds with this error, because Foundry does sign its AuthNRequest, but clients report that changing this setting solves the problem.