Test connection of a newly configured IdP shows the error "SAML2ValidationError: Unable to locate SAML 2.0 certificate" if x509_certificate is not set


Description

Symptoms


1. Setting up a new ADFS IdP with an X.509 signing certificate mapped shows the error:

01/16/19 15:37:26 (544) SAML assertion is not encrypted.
01/16/19 15:37:26 (546) SAML2ValidationError: Unable to locate SAML 2.0 certificate.
01/16/19 15:37:26 (547) Could not validate SAMLResponse

You need to enable debug logging for the Multiple Provider SSO integration to see the problem.
Then perform "Test connection" on the IdP record.
Check the SAML response in the system log and verify that the IdP is mapped to the required certificate.

2. In the IdP form, the certificate appears to be set up correctly.

Cause


Even though the certificate has been added in the related list of the IdP record, it has not been attached to the IdP record properly, as the XML view of the record shows.

Resolution


To resolve the problem:

  1. Log in as an administrator.
  2. Open the IdP record.
  3. Right-click the top bar of the IdP record and select "Export XML".
  4. If the XML output contains an empty element like this:
    <x509_certificate/>
    add the certificate's display name and sys_id, then upload the XML back:
    <x509_certificate display_value="name_of_the_certificate_defined">sys_id_of_the_certificate</x509_certificate>
    e.g.: <x509_certificate display_value="Microsoft signing certificate">1e762253db3def00a67ed790cf96192f</x509_certificate>
  5. Run the test connection again.
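The check and fix described in steps 4 and 5, as an added example that is not part of this article or of the product: it parses an exported IdP record, detects the empty x509_certificate element, and fills in the display name and sys_id. The sample XML, its surrounding element names and the certificate sys_id (taken from the example above) are constructed for this illustration, not an actual export.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an exported IdP record showing the symptom from the
# article: x509_certificate is present but has no display_value or sys_id.
# The enclosing element names are assumptions, not a real export.
SAMPLE_IDP_XML = """<unload>
  <sso_properties action="INSERT_OR_UPDATE">
    <name>ADFS IdP</name>
    <x509_certificate/>
  </sso_properties>
</unload>
"""

# A sys_id is a 32-character lowercase hex string; reject anything else
# before it is written into the record.
SYS_ID_RE = re.compile(r"^[0-9a-f]{32}$")


def certificate_is_missing(xml_text):
    """True when x509_certificate is absent or carries no sys_id (the broken state)."""
    cert = ET.fromstring(xml_text).find(".//x509_certificate")
    return cert is None or not (cert.text or "").strip()


def attach_certificate(xml_text, display_value, sys_id):
    """Return new XML with the certificate reference filled in as the article shows."""
    if not SYS_ID_RE.match(sys_id):
        raise ValueError("sys_id must be a 32-character lowercase hex string")
    root = ET.fromstring(xml_text)
    cert = root.find(".//x509_certificate")
    if cert is None:
        # Element missing entirely: create it on the first record under <unload>.
        cert = ET.SubElement(root[0], "x509_certificate")
    cert.set("display_value", display_value)
    cert.text = sys_id
    return ET.tostring(root, encoding="unicode")


def cert_reference(xml_text):
    """Return (display_value, sys_id) of the mapped certificate, or None if unmapped."""
    cert = ET.fromstring(xml_text).find(".//x509_certificate")
    if cert is None or not (cert.text or "").strip():
        return None
    return cert.get("display_value"), cert.text.strip()


if __name__ == "__main__":
    if certificate_is_missing(SAMPLE_IDP_XML):
        print(attach_certificate(SAMPLE_IDP_XML, "Microsoft signing certificate",
                                 "1e762253db3def00a67ed790cf96192f"))
```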