Hi I am trying to use SSO to authenticate my client's users directly to my website. My client's IDP is Microsoft ADFS and I am using Passport-SAML (https://github.com/bergie/passport-saml) to configure the SSO process.
I am getting the following error in client's ADFS server log when I try to login:
"The Federation Service encountered an error while processing the SAML authentication request"
and in Exception details:
"MSIS0038: SAML message has wrong signature. issuer:'myCompany_com'."
Here is the process I followed:
1/ Got my metadata file myCompany.xml using the passport script and provided it to my client
2/ My client added it in Add Relying Party Trust in his ADFS, added rules using the Send LDAP Attributes as Claims template, added other rules using the Transform an Incoming Claim option and sent me his certificate
Error flow:
1/ User accesses the authentication area from myClient (in fact, gets redirected there after using the following URL: www.myClientSpace.myCompany.com)
2/ Enters his credentials and tries to sign in, then the error appears in the ADFS server log
Maybe I'm missing something in my XML file...
Thanks for your time & help!!!
PS: here is my XML file
<EntityDescriptor entityID="myCompany_com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIICQ...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.myCompany.com/adfs/postResponse/logout"/>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.myCompany.com/adfs/postResponse/postResponse" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>
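One check worth running before going back and forth with the IdP administrator on a "wrong signature" error is whether the signing certificate published in the SP metadata (the copy ADFS holds) is byte-for-byte the certificate that belongs to the key the SP actually signs AuthnRequests with. The script below is an added example, not code from the question or from passport-saml: it parses SP metadata with the same structure as the file above, extracts the `use="signing"` certificate and the AssertionConsumerService entries, and compares the SHA-256 fingerprint of the metadata certificate with the fingerprint of a PEM certificate the SP is assumed to load. The metadata text, the placeholder certificate bytes and the PEM are all constructed here (the placeholder is not a real X.509 certificate; only fingerprints are compared, so no certificate parsing library is needed).

```python
"""Check that SP metadata handed to an IdP matches the certificate the SP signs with."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder: NOT a real DER certificate, just bytes to fingerprint.
PLACEHOLDER_DER = b"constructed placeholder, not a real X.509 certificate"
PLACEHOLDER_B64 = base64.b64encode(PLACEHOLDER_DER).decode()

# Constructed sample metadata with the same layout as the file in the question.
SAMPLE_METADATA = f"""<EntityDescriptor entityID="myCompany_com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>{PLACEHOLDER_B64}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.myCompany.com/adfs/postResponse/postResponse" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed: the PEM the SP is assumed to load for request signing (the
# certificate matching its private key). Wraps the same placeholder bytes.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + PLACEHOLDER_B64 + "\n-----END CERTIFICATE-----\n"
)
# Constructed: a different certificate, e.g. an old one left in the metadata.
MISMATCHED_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed stale placeholder certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of DER bytes, hex encoded."""
    return hashlib.sha256(der).hexdigest()


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armour and decode the base64 body."""
    body = "".join(
        line.strip() for line in pem.splitlines() if not line.startswith("-----")
    )
    return base64.b64decode(body)


def parse_sp_metadata(xml_text: str) -> dict:
    """Pull entityID, per-use certificate fingerprints and ACS endpoints out of SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "both")  # a KeyDescriptor without 'use' covers both
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is None or not node.text:
            continue
        der = base64.b64decode("".join(node.text.split()))  # tolerate line wrapping
        certs[use] = fingerprint(der)
    acs = [
        (a.get("Binding"), a.get("Location"))
        for a in sp.findall("md:AssertionConsumerService", NS)
    ]
    return {"entity_id": root.get("entityID"), "cert_fingerprints": certs, "acs": acs}


def check_signing_cert(metadata: dict, sp_pem: str) -> list:
    """Return a list of problems; empty means the metadata matches the SP's certificate."""
    problems = []
    sp_fp = fingerprint(pem_to_der(sp_pem))
    md_fp = metadata["cert_fingerprints"].get("signing") or metadata[
        "cert_fingerprints"
    ].get("both")
    if md_fp is None:
        problems.append("metadata publishes no signing certificate")
    elif md_fp != sp_fp:
        problems.append(
            f"signing certificate mismatch: metadata {md_fp[:16]}... vs SP {sp_fp[:16]}..."
        )
    if not any(binding and binding.endswith("HTTP-POST") for binding, _ in metadata["acs"]):
        problems.append("no HTTP-POST AssertionConsumerService published")
    return problems


if __name__ == "__main__":
    md = parse_sp_metadata(SAMPLE_METADATA)
    print("entityID:", md["entity_id"])
    print("matching PEM:", check_signing_cert(md, SAMPLE_PEM) or "OK")
    print("stale PEM:", check_signing_cert(md, MISMATCHED_PEM))
```

If the fingerprints differ, ADFS is verifying the request against a key other than the one producing the signature, and the fix is on the SP side (regenerate the metadata from the current key pair and re-import it as the Relying Party Trust) rather than in the claim rules.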