Signature validation failed. Reference validation failed

I am using onelogin for SAML as SP. I was able to get the response XML. But the validation of the SAML response is failing due to

Signature validation failed. Reference validation failed

I tried to check the XML via the online tool but got the same error.

Could you please let me know how to fix this.

Solution

That happens when the SP is not able to validate the Signature included in the SAMLResponse.

In order to fix it, verify that the public certificate of the settings that you have register for the IdP is the right value.

One easy way to verify it is to record the SAML flow with the SAMLTracer Firefox plugin, and then review the value of the x509Certificate value element of the Signature matches the value you have in your SAML toolkit setting.

What causes a Responder status in a SAML response
Error while doing IdP initiated login using AWS Cognito
NextAuth - OAuthAccountNotLinked - Imported data from another website - Autolinking
Microsoft SSO login is not working as intended in react app
SAML - How to Correctly Sign both Response(Message) and Assertion
In Onelogin, Can SCIM provisioning be used with OIDC app?
SAML certificate authentication vs login
What are usually the token grant type needed for the secret token in scim provisioning?
Symfony 4.4.* hslavich/oneloginsaml-bundle - how to load certificates from file path?
Can I run a OIDC flow from a command line CLI tool?
Redirect not working for SAML login, php-saml with Azure Active Directory
Onelogin SAML implementation with other IDP that accepts SAML
What is the origin of the error message 'Signup not authorized, is limited to a specific company'
Onelogin - how to get the userid or email address after a successful PKCE login?
Signature validation failed. Reference validation failed
Storing User data - NextAuth v3 with MongoDB
OneLogin credential not working on API-V2
Can't get OpenID auth working with Onelogin and Azure web apps
OneLogin OpenId cookie expiration
OneLogin MFA Device vs Enrolled Factors
Plugin org.jacoco:jacoco-maven-plugin: one of its dependencies could not be resolved:
OpenID connect VS SAML flows
OneLogin and Azure AD SAML Request Invalid
Is there any way to get `picture` from OneLogin's `profile` scope?
AWS API Gateway Authentication with OneLogin
Adding minimal SAML support for ISV
OneLogin does not pass back SAML RelayState
OpenID Connect Token endpoint returning a bad request
Onelogin API - Verify Factor for SAML assertion when using Duo
A valid SubjectConfirmation was not found on this Response, laravel and saml2