SAML Connection Error 'Signature check errors: invalid signature: for uri SUPPLIED_URI calculated digest is...'

Problem statement

A SAML Connection was configured in Auth0. When attempting to log in, the following error message appears in the Auth0 logs:

Signature check errors: invalid signature: for uri # URI calculated digest is DIGEST but the xml to validate supplies digest SUPPLIED_DIGEST

Symptoms

  • SAML authentication will fail
  • The SAML Response, when viewed with samltool.io, provides a slightly more generalized error:
    • XMLJS0013: Cryptographic error: Invalid digest for uri ‘URI’. Calculated digest is DIGEST but the xml to validate supplies digest SUPPLIED_DIGEST
  • Certain SAML attributes appear in an unexpected format. Note the unexpected line breaks and the encoded ‘&#xD;’:
 <AttributeValue>
                    Ballybrit&#xD;
Parkmore Business Park West&#xD;
IRL-G Galway Parkmore 4
                </AttributeValue>

Steps to reproduce

Configure a SAML IdP to send a SAML attribute that contains line breaks (‘\n’).

Cause

The issue is caused by the formatting of the SAML attribute. An admin of the IdP will need to update that attribute so that it is not sent with line breaks.

Solution

Since this is due to how an attribute is being formatted and sent, the admin of the IdP will need to update that attribute so it can be parsed correctly. The steps to alter or remove attributes vary depending on the IdP.
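
To find which attribute the IdP admin needs to change, and to see why a line break can move the digest, here is an added example (not Auth0's or any IdP's code). It assumes a constructed attribute named "address", uses Python's standard-library C14N 2.0 as a stand-in for the canonicalization a real signature uses, and models a hypothetical hop that writes the carriage return as a raw byte; the article does not state which step altered the value in this case.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample modelled on the AttributeValue shown above; Name is made up.
SAMPLE = (
    f'<saml:Attribute xmlns:saml="{SAML_NS}" Name="address">'
    "<saml:AttributeValue>Ballybrit&#xD;\n"
    "Parkmore Business Park West&#xD;\n"
    "IRL-G Galway Parkmore 4</saml:AttributeValue>"
    "</saml:Attribute>"
)


def c14n_digest(xml_text):
    """Base64 SHA-256 over the canonical form (stdlib C14N 2.0 as a stand-in).
    Canonicalization writes a carriage return in text as &#xD;."""
    canonical = ET.canonicalize(xml_text)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()


def raw_cr_hop(xml_text):
    """Hypothetical hop that writes the carriage return as a raw byte.
    An XML parser then folds CR LF into LF, so the CR is lost."""
    return xml_text.replace("&#xD;", "\r")


def attributes_with_line_breaks(xml_text):
    """Names of SAML attributes whose values contain CR or LF."""
    root = ET.fromstring(xml_text)
    names = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
            text = "".join(value.itertext())
            if "\r" in text or "\n" in text:
                names.append(attr.get("Name"))
                break
    return names


if __name__ == "__main__":
    print("attributes to fix at the IdP:", attributes_with_line_breaks(SAMPLE))
    print("digest as signed:     ", c14n_digest(SAMPLE))
    print("digest after raw hop: ", c14n_digest(raw_cr_hop(SAMPLE)))
```

A single-line value produces the same digest on both paths, which is why removing the line breaks at the IdP resolves the error.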