<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
SLO Failure: Invalid Signature
Jul 11, 2024
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

When configuring Single Logout for an app integration or renewing certificates, the following error might be encountered:
SLO failure: Invalid Signature

Applies To
  • Single Logout
  • Single Sign-On
  • Error
Cause

Invalid Signature means the LogoutRequest is not signed properly. Typical problems would be:

  • Signature Hashing Algorithm. .
  • Incorrect private key used to sign the message.
  • use an external tool to validate the logout request
Solution
  • Check the Signature Hashing Algorithm (eg: SHA256 or MD5) configured for a partner in IdP.
  • The correct public-private key pair is used and associated certificate is configured at IdP and the same certificate is being sent via LogoutRequest.
  • Whole LogoutRequest message is signed and not just few elements of the message.
 

Related References

Recommended content

Still looking for help?
Loading
SLO Failure: Invalid Signature