3336571 - "Unable to verify the signature of the SAML assertion" - SuccessFactors

You are integrating your SuccessFactors instance with other system (client) using APIs and OAuth2 authentication, but an error message is being thrown:

"Unable to verify the signature of the SAML assertion. Please ensure that the assertion has a signature and the key pairs match the client ID"

SAP SuccessFactors HXM Suite

1. Register your client application in SuccessFactors;

2. Obtain an SAML assertion;

3. Try to generate an OAuth token;

4. See the error message;

There are some possible reasons for that:

1. Incorrect Key Pair (public and private key);
2. Incorrect or nonexistent SAML assertion signature;

There are different resolutions for each cause:

1. Check if the public key being used corresponds to the public part of X-509 Certificate in your client application in SuccessFactors (under Manage OAuth2 Client Applications);
   Check if the private key (Client Secret) being used corresponds to the private part of X-509 Certificate generated and downloaded in your client application in SuccessFactors;
   
   
2. Ensure that the assertion has a signature or generate a new SAML assertion (refer to Generating a SAML Assertion from OData guide);

• KBA 2850646 - How to register for OAuth 2.0 authentication - SuccessFactors Integrations
• Authentication Using OAuth 2.0 chapter from OData guide;

incorrect, wrong, key pair, public, private, api, key, certificate, client ID, client secret, client, server, application, applications, signature, 401 , KBA , LOD-SF-INT-ODATA-OAU , ODATA OAUTH Authentication , LOD-SF-INT-API , API & Adhoc API Framework , Problem