Invalid Signature error when configuring SAML2 with signing

Document ID : KB000125507
Last Modified Date : 30/01/2019
Show Technical Document Details
Issue:
After setting up SAML2 with signing, the follwong error is seen in the PC_HOME/sso/logs/SsoService.log:

ERROR | qtp1649115615-37 | <timestamp> | common.sso.saml2.UserAssertionService 
| Receive StatusCode: urn:oasis:names:tc:SAML:2.0:status:Requester. Message: Invalid signature 

And login fails for SAML2 authenticated users.
Environment:

CA Performance Management

SAML2 authentication with signing

Cause:
There is a mismatch between the Metadata/Certificate information the IDP has from CA Performance Center
Resolution:
Make sure the documentation is followed closely and the IDP has up to date Metadata from CA Performance Center (CAPC)
Additional Information:
https://docops.ca.com/ca-performance-management/3-6/en/administrating/single-sign-on/set-up-saml-2-0-support