SAP Knowledge Base Article - Public

3336571 - "Unable to verify the signature of the SAML assertion" error when using OAuth authentication

Symptom

You are integrating your SuccessFactors instance with another system (the Client System) using APIs and OAuth2 authentication, but the following error message is returned:

  • "Unable to verify the signature of the SAML assertion. Please ensure that the assertion has a signature and the key pairs match the client ID"

Environment

SAP SuccessFactors HCM Suite

Reproducing the Issue

  1. Register your client application in SuccessFactors;

  2. Obtain a SAML assertion;

  3. Try to generate an OAuth token;

  4. See the error message;

Cause

Cause 1: Incorrect Key Pair (public and private key) maintained in the Client System (calling SuccessFactors);

Cause 2: Incorrect or nonexistent SAML assertion signature maintained in the Client System (calling SuccessFactors);

Resolution

For cause 1, in the Client System:

  • Check if the public key being used corresponds to the public part of the X.509 certificate of your application in SuccessFactors (under Manage OAuth2 Client Applications);
  • Check if the private key (Client Secret) being used corresponds to the private part of the X.509 certificate generated and downloaded when the application was created in SuccessFactors;
    NOTE: If unsure, create an application from scratch based on the Registering Your OAuth2 Client Application chapter or KBA 2850646.

For cause 2, in the Client System, either ensure the assertion has a signature or generate a new SAML assertion (refer to Generating a SAML Assertion from OData guide);
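The following script is an added diagnostic for both causes and is not SAP code. It assumes openssl is available on the Client System, and that the certificate downloaded from Manage OAuth2 Client Applications, the private key used to sign assertions, and the assertion itself (raw XML or base64) are stored as files whose paths are passed on the command line (cert.pem, key.pem and assertion.xml are assumed names).

```shell
#!/bin/sh
# Added diagnostic for the two causes above; not SAP code. Assumes openssl is
# installed and that the Client System holds the X.509 certificate downloaded
# from Manage OAuth2 Client Applications (cert.pem), the private key it signs
# assertions with (key.pem), and the assertion itself (raw XML or base64).

# Cause 1: return 0 when the private key's public half matches the certificate's
# public key, 1 otherwise. Compares digests of the DER SubjectPublicKeyInfo, so
# it works for RSA and EC keys alike.
keypair_matches() {
  cert="$1"; key="$2"
  # Refuse unreadable or malformed input instead of hashing empty output.
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 1
  openssl pkey -in "$key" -noout >/dev/null 2>&1 || return 1
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey \
             | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Cause 2: return 0 when the assertion file carries an XML Signature element
# (any namespace prefix), 1 otherwise. Base64-encoded assertions are decoded.
assertion_is_signed() {
  xml=$(cat "$1") || return 1
  case "$xml" in
    *"<"*) ;;  # already raw XML
    *) xml=$(printf '%s' "$xml" | openssl base64 -d -A) || return 1 ;;
  esac
  printf '%s' "$xml" | grep -Eq '<([A-Za-z0-9_.-]+:)?Signature[[:space:]>]'
}

# Usage: sh check_saml_oauth.sh cert.pem key.pem assertion.xml
if [ "$#" -eq 3 ]; then
  keypair_matches "$1" "$2" && echo "key pair: OK" || echo "key pair: MISMATCH (cause 1)"
  assertion_is_signed "$3" && echo "signature element: present" \
                           || echo "signature element: MISSING (cause 2)"
fi
```

A present Signature element only shows the assertion was signed at all; if the key pair check also passes but the error persists, the assertion should be regenerated as described for cause 2.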

Keywords

incorrect, wrong, key pair, public, private, api, key, certificate, client ID, client secret, client, server, application, applications, signature, 401, KBA, LOD-SF-INT-ODATA-OAU, ODATA OAUTH Authentication, Problem

Product

SAP SuccessFactors HCM Suite all versions