Invalid Signature on SAML Response

  • 24 July 2018
  • 4 replies
  • 336 views

Hello, 

I've set up SSO with G Suite and am having the following issue.


Whenever I attempt to sign in, I see the Google auth page as I should, and then I am redirected to the old Freshdesk login portal at /login/normal, where I see this error:

Login was unsuccessful! - Validation Failed : Invalid Signature on SAML Response

If I click "Google" on this page I can log in as per normal, however this is too impractical for our users to make use of. 

Can anyone hazard a guess as to why this is doing this?

Cheers. 



Hello,


Hope you're already in touch with one of our support heroes. Please share the story on how you got this to work.


Cheers!

We had the same issue with Office 365 Active Directory. The fingerprint was fine but every couple of weeks it seems as though FD would modify the fingerprint somehow, causing this authentication issue. Coming from a Fortune 100 organisation it's not easy for me to get our cloud identity guys on a call to fix it, and we are at an impasse with support as FD support want a test account in our AD environment to do some troubleshooting, which our security team is not willing to provide 😞. As a result, we've had to turn off SSO for our 100 users.


Can anyone tell me how to fix the error "Login was unsuccessful! - Validation Failed : Invalid Signature on SAML Response" when using Google as IDP + Freshdesk as SP?
It seems everyone has this problem, but no one can post the solution.

Thanks.

On the Freshdesk [Admin] page, in the [Single Sign On (SSO)] section, DO NOT paste the X509 cert file; you need to paste the "fingerprint" of the X509 cert.

Use the following command to view the fingerprint of your X509 cert file (downloaded from Google).

Ref: https://knowledge.digicert.com/solution/SO28771.html

----------------------

openssl x509 -noout -fingerprint -sha256 -inform pem -in GoogleIDPCertificate-[your_domain].pem

----------------------

Then you will see the fingerprint of the X509 cert file, like this:

 

SHA256 Fingerprint=44:22:XX:XX:XX:66:XX:9B:XX:32:XX:9B:XX:44:YY:DA:YY:69:ZZ:XX:YY:ZZ:00:99:88:77:D6:E5:D4:XX:YY:ZZ

 

Paste the fingerprint value into "Security Certificate Fingerprint".
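Added example, not part of the original posts and not Freshdesk or Google code: a Python check that computes the same SHA-256 fingerprint the openssl command prints and classifies the value pasted into the fingerprint field. The helper name `check_sso_field` and the sample PEM (arbitrary bytes in PEM armor, not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes inside the first PEM certificate block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, formatted like `openssl x509 -fingerprint`."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(value: str) -> str:
    """Drop a 'SHA256 Fingerprint=' label, colons and whitespace; lowercase."""
    value = value.strip().split("=", 1)[-1]
    return re.sub(r"[:\s]", "", value).lower()

def check_sso_field(field_value: str, idp_pem: str) -> str:
    """Classify what was pasted into the fingerprint field (hypothetical helper)."""
    if "BEGIN CERTIFICATE" in field_value:
        return "certificate-pasted"      # the mistake described in the answer
    pasted = normalize(field_value)
    if not re.fullmatch(r"[0-9a-f]{64}", pasted):
        return "not-a-sha256-fingerprint"
    return "match" if pasted == normalize(fingerprint(idp_pem)) else "mismatch"

# Constructed stand-in: arbitrary bytes in PEM armor, not a real certificate.
SAMPLE_DER = b"constructed placeholder DER bytes" * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_PEM)
    print("SHA256 Fingerprint=" + fp)
    print(check_sso_field(SAMPLE_PEM, SAMPLE_PEM))                  # certificate-pasted
    print(check_sso_field("SHA256 Fingerprint=" + fp, SAMPLE_PEM))  # match
```

Run against the real IdP PEM file's contents, `fingerprint()` returns the same value as the openssl command, because both hash the certificate's DER encoding.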