"internal CA issued" or "external CA issued"
Stores of the ADFS servers at the IdP -> "Yes" or "No"? if you answered "internal CA issued" or "external CA issued", are the root CA cert and any applicable intermediate CA certs that are part of the path of the Token Signing cert at the SP, in the root/intermediate cert thawte, verisign, digicert, etc)? -> "self-signed" or "internal CA issued" or "external Is the Token Signing cert of the SP a self-signed cert, an internal CA issued cert or external CA issued cert (e.g. is SAML request signing enabled at the SP? (the SAML request contains a signature) -> "Yes" or "No"? Verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.”Ĭould it be this (screenshot) that looks like it *could* be a missconfiguration?įor everyone experiencing the so called "SAML Message has wrong signature" problem, can you please tell me the following when using SP initiated logon: “If this key represents a URI for which a token should be issued, Or is it saying my token? I can’t really decipher that from the error. :443/adfs/services/trust/2005/usernamemixedĪccording to these errors there is something wrong with yagfxg33k's token? If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database. , but the request could not be fulfilled because the key does not identify any known relying party trust.Ī:443/adfs/services/trust/2005/usernamemixed SignatureVerificationFailedException: MSIS0038: SAML Message has wrongĪ token request was received for a relying party identified by the key ' :443/adfs/services/trust/2005/usernamemixed' Issuer: ' '.Īt .(MSISSamlBindingMessage message)Īt .SamlProtocolService.Issue(IssueRequest issueRequest)Īt .SamlProtocolService.ProcessRequest(Message requestMessage) I then have that same GMail account used against a personal setup of Teams. As not a Microsoft account, at setup stage this would have essentially created a Microsoft account using GMAIL email as login.
SignatureVerificationFailedException: MSIS0038: SAML Message has wrong signature. So for me this makes sense because I have a GMAIL account that was used against the Free version of Teams. The Federation Service encountered an error while processing the SAML authentication request. Logs: Applications and Services -> AD FS 2.0 -> Admin: