IdP Provider: Ping Federate We are trying to encrypt SAML traffic. If encryption is turned off, everything works great. However, when encryption is turned on, the assertion file is getting decrypted but I am getting the following errors in the logs. 2020-09-02 12:24:10.734 DEBUG - SAML_SSO: Assertion encrypted: org.opensaml.saml2.core.impl.EncryptedAssertionImpl@1498822a 2020-09-02 12:24:10.778 DEBUG - SAML_SSO: Decrypted assertion: <?xml version="1.0" encoding="UTF-8"?> <saml:Assertion Decrypted assertion shows here </saml:Assertion> 2020-09-02 12:24:10.780 WARNING - SAML_SSO: The signature does not meet the requirements indicated by the SAML profile of the XML signature 2020-09-02 12:24:10.780 WARNING - SAML_SSO: org.opensaml.xml.validation.ValidationException: SignableSAMLObject does not have a cached DOM Element. 2020-09-02 12:24:10.821 ERROR - SAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response. Error: org.opensaml.xml.validation.ValidationException: The response is not signed correctly ID:[RVXXsEVN0Wx7Kyn7iV.xSMLVZ.x] 2020-09-02 12:24:10.821 ERROR - SAML_SSO: org.opensaml.common.SAMLException: org.opensaml.xml.validation.ValidationException: The response is not signed correctly ID:[RVXXsEVN0Wx7Kyn7iV.xSMLVZ.x]
What this error is telling you is that the response can not be decrypted with the public key. So check your SAML setup and double check the key in the metadata file is the same as the key that is used to encrypt the response from the IdP.
The logs actually on m2ee show the decrypted assertion. So the key is working correctly.