<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00006z06ETCAYOkta Classic EngineIntegrationsAnswered2021-05-25T14:27:53.000Z2021-05-21T07:30:22.000Z2021-05-25T14:27:53.000Z

DariuszM.10078 (Customer) asked a question.

May 21, 2021 at 7:30 AM
OKTA SLO Invalid Signature error

I have LogoutRequest

<samlp:LogoutRequest Destination="https://dev-86794585.okta.com/app/dev-86794585_pestletestocta_1/exknv6827HO0sN5TU5d6/slo/saml" ID="_592b6a9c-962c-4f66-896f-306eb5fe01c6" IssueInstant="2021-05-21T07:21:19Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ><saml:Issuer>https://localhost:3000/organizations/EpUYeUSmW6VAurkGcRzFSt37/saml/metadata</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig*"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n*" /><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig*rsa-sha1" /><ds:Reference URI="*_592b6a9c-962c-4f66-896f-306eb5fe01c6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig*enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n*"><ec:InclusiveNamespaces PrefixList="*default samlp saml ds xs xsi md" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n*" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig*sha1" /><ds:DigestValue>RJpJSUg2OtvIJ0fONGfXaG7QHhc=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>awsommu0XoLQ60xsNUkW7xzbUqmiMhyR35EnTWqkhiijtsSZxvcACbnhueh6bbJFtE1/GEHM4C7fzHV0qTNzqL3TtEnKRF2ZPwqkX/jKeW2w4mqOTyokESowSZeSKsbccWLeNVRa68JhC/y1h75zjNKKa894UpNtAKNyMhUp4uQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICRjCCAa+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJ1czEPMA0GA1UECAwGUGVzdGxlMQ8wDQYDVQQKDAZQZXN0bGUxDzANBgNVBAMMBlBlc3RsZTAeFw0yMTA1MjAxNzQ1MzRaFw0zOTA4MDQxNzQ1MzRaMEAxCzAJBgNVBAYTAnVzMQ8wDQYDVQQIDAZQZXN0bGUxDzANBgNVBAoMBlBlc3RsZTEPMA0GA1UEAwwGUGVzdGxlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq5XugiijrOFu2ZFhwcxH98Lmiu+E8JYujnkvaPOuayU5MQkQGYmoX2xVegh//FIna+EdOQl/tfkqaTNzowgVQjNHaVwpqBpZR9II/NCMav/vjF6rSIjyeTYQoIZcGIrCvmkbz8c6bl+e5cxO1b8vqtogySQv4AlXNbyax8HoVLwIDAQABo1AwTjAdBgNVHQ4EFgQUMnDTOY7Gr2rsBMD+3oIL1DbUD3cwHwYDVR0jBBgwFoAUMnDTOY7Gr2rsBMD+3oIL1DbUD3cwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAeY4YiHIsNNh+4KtHLFgzeWrSKLtzzebRRnWLL2any3tkVKeXxr0MkgpFDWZQQRNqpJMV34injnVjzsC+dGDvprNzQvGjih8RnXPkcYS5uDGixVAHCefMdTE6Z+g8nBd+wTgZaSNlwqrYvyKRUYBQzhQhr4D+Nvk7LneKdz4Oyug==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">test@test.pl</saml:NameID><samlp:SessionIndex>_099e9b88-af8b-41e3-85a7-da53c6087ff6</samlp:SessionIndex></samlp:LogoutRequest>

 

With this request i get Invalid Signature Error

 

I uploaded my test certificate to OKTA panel:

-----BEGIN CERTIFICATE-----

MIICRjCCAa+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBAMQswCQYDVQQGEwJ1czEP

MA0GA1UECAwGUGVzdGxlMQ8wDQYDVQQKDAZQZXN0bGUxDzANBgNVBAMMBlBlc3Rs

ZTAeFw0yMTA1MjAxNzQ1MzRaFw0zOTA4MDQxNzQ1MzRaMEAxCzAJBgNVBAYTAnVz

MQ8wDQYDVQQIDAZQZXN0bGUxDzANBgNVBAoMBlBlc3RsZTEPMA0GA1UEAwwGUGVz

dGxlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq5XugiijrOFu2ZFhwcxH9

8Lmiu+E8JYujnkvaPOuayU5MQkQGYmoX2xVegh//FIna+EdOQl/tfkqaTNzowgVQ

jNHaVwpqBpZR9II/NCMav/vjF6rSIjyeTYQoIZcGIrCvmkbz8c6bl+e5cxO1b8vq

togySQv4AlXNbyax8HoVLwIDAQABo1AwTjAdBgNVHQ4EFgQUMnDTOY7Gr2rsBMD+

3oIL1DbUD3cwHwYDVR0jBBgwFoAUMnDTOY7Gr2rsBMD+3oIL1DbUD3cwDAYDVR0T

BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAeY4YiHIsNNh+4KtHLFgzeWrSKLtzz

ebRRnWLL2any3tkVKeXxr0MkgpFDWZQQRNqpJMV34injnVjzsC+dGDvprNzQvGji

h8RnXPkcYS5uDGixVAHCefMdTE6Z+g8nBd+wTgZaSNlwqrYvyKRUYBQzhQhr4D+N

vk7LneKdz4Oyug==

-----END CERTIFICATE-----

 

I cant figure out what im doing wrong. Why im getting invalid signature error ?

  • 1 answer
  • 799 views

  • User1616193434422641593 (Vendor Management)

    Hi Dariusz,

     

    Hope you're doing great today, I would like to encourage you to open a case with our Customer Support team so we can a take a look further on this problem, have a better understanding of your environment and proceed with the correct troubleshooting steps in order to provide you with the best support on this particular issue you are facing and help you with it

     

    Thank you,

     

    Fabian Ledezma

    Expand Post
This question is closed.
Loading
OKTA SLO Invalid Signature error