SAP Knowledge Base Article - Public

3336571 - "Unable to verify the signature of the SAML assertion" - SuccessFactors

Symptom

You are integrating your SuccessFactors instance with another system (client) using APIs and OAuth2 authentication, and the following error message is returned:

"Unable to verify the signature of the SAML assertion. Please ensure that the assertion has a signature and the key pairs match the client ID"

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Register your client application in SuccessFactors;

  2. Obtain a SAML assertion;

  3. Try to generate an OAuth token;

  4. See the error message;

Cause

There are some possible reasons for this error:

  1. Incorrect Key Pair (public and private key);
  2. Incorrect or nonexistent SAML assertion signature;

Resolution

There are different resolutions for each cause:

  1. Check that the public key being used corresponds to the public part of the X.509 certificate in your client application in SuccessFactors (under Manage OAuth2 Client Applications);
    Check that the private key (Client Secret) being used corresponds to the private part of the X.509 certificate generated and downloaded in your client application in SuccessFactors;

  2. Ensure that the assertion has a signature or generate a new SAML assertion (refer to Generating a SAML Assertion from OData guide);
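
A local pre-flight check for cause 2, added here as an example (not SAP code): it inspects an assertion, given as raw XML or base64, for an enveloped XML signature before the token request is made. The function name and the sample assertions are constructed for illustration; the check is structural only and does not verify the signature value or the key pair.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample assertions (not real SuccessFactors output).
UNSIGNED = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1">'
    "<saml2:Issuer>example-client</saml2:Issuer></saml2:Assertion>")
SIGNED = UNSIGNED.replace(
    "</saml2:Issuer>",
    '</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo>'
    "<ds:SignatureValue>c2FtcGxl</ds:SignatureValue></ds:Signature>")

def check_assertion_signature(assertion):
    """Return a list of problems; an empty list means a signature is present."""
    text = assertion.strip()
    if not text.startswith("<"):  # not XML, so try base64
        try:
            raw = base64.b64decode("".join(text.split()), validate=True)
            text = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return ["assertion is neither XML nor valid base64"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"assertion is not well-formed XML: {exc}"]
    if root.tag != SAML + "Assertion":
        return [f"root element is {root.tag}, expected a SAML 2.0 Assertion"]
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["no ds:Signature directly under the Assertion (unsigned)"]
    problems = []
    if not (sig.findtext(DS + "SignatureValue") or "").strip():
        problems.append("ds:SignatureValue is missing or empty")
    # SAML requires the signature to reference the Assertion's own ID.
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    expected = "#" + root.get("ID", "")
    if ref is None:
        problems.append("ds:SignedInfo has no ds:Reference")
    elif ref.get("URI") != expected:
        problems.append(f"ds:Reference URI does not cover Assertion ID {expected!r}")
    return problems

if __name__ == "__main__":
    print(check_assertion_signature(UNSIGNED))
```

An empty result only shows that a signature is present and points at the assertion; a key pair mismatch (cause 1) still has to be checked against the certificate registered for the client application.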

Keywords

incorrect, wrong, key pair, public, private, api, key, certificate, client ID, client secret, client, server, application, applications, signature, 401, KBA, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, LOD-SF-INT-API, API & Adhoc API Framework, Problem

Product

SAP SuccessFactors HCM all versions