SAML request signature verification failed on Office 365 ADFS integration

Document ID : KB000118850
Last Modified Date : 02/11/2018
Issue:
Office 365 ADFS (Active Directory Federation Services) integration for CA Strong Authentication can be accomplished using the following two public links.

1. docops.ca.com/ca-advanced-authentication/9-0/en/installing/ca-adapter-installation/office365-integration#Office365Integration-ConfigureAdapter

2. docops.ca.com/ca-advanced-authentication/9-0/en/installing/ca-adapter-installation/active-directory-federation-services-integration

One may encounter a login failure with the error "SAML request signature verification failed" in arcotafm.log, with an issue (REDIRECT_URLMISSING), as depicted in the screenshot below:

User-added image


 
Environment:
Office 365 integration with ADFS for CA Strong Authentication.
Cause:
Essentially, "Post" rather than "Redirect" is required in the "CA Advanced Authentication Properties" of the configuration screen (please refer to the screenshot in the Resolution section below). If "Redirect" is configured instead of "Post", this issue may be encountered.
Resolution:

On the Configure URL page, select the Enable support for the SAML 2.0 WebSSO protocol check box. Under the Claims provider SAML 2.0 SSO service URL, specify https://<AFM-FQDN>:<AFM-PORT>/arcotafm/master.jsp?profile=AFMprofilename as the Security Assertion Markup Language (SAML) service endpoint URL for this claims provider trust, and set the Binding to POST.

"Post" is needed instead of "Redirect" in the "CA Advanced Authentication Properties", as shown in the screen below.


User-added image
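
To confirm which binding a request reaching AFM actually uses, the following added example (not part of the CA article or product) classifies one captured HTTP request. It relies on the SAML 2.0 bindings, where HTTP-Redirect carries the signature in the query string and HTTP-POST carries it inside the XML. The host name, sample messages and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

DS_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
REQUIRED_BINDING = "HTTP-POST"  # the binding this article says to configure

def classify_saml_request(method, url, body=""):
    """Return (binding, signature_location) for one captured HTTP request."""
    is_get = method.upper() == "GET"
    params = parse_qs(urlparse(url).query if is_get else body)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in this request")
    raw = base64.b64decode(params["SAMLRequest"][0])
    if is_get:
        # HTTP-Redirect: message is raw-DEFLATE compressed and the signature
        # covers the query string (SigAlg + Signature parameters), not the XML.
        ET.fromstring(zlib.decompress(raw, -15))  # confirms it decodes to XML
        signed = {"SigAlg", "Signature"}.issubset(params)
        return "HTTP-Redirect", "query-string" if signed else "unsigned"
    # HTTP-POST: base64 only; the signature is a ds:Signature element in the XML.
    # Parse only your own captures this way; use defusedxml for untrusted XML.
    root = ET.fromstring(raw)
    signed = root.find(DS_SIGNATURE) is not None
    return "HTTP-POST", "enveloped-xml" if signed else "unsigned"

# Constructed sample data (not a real capture); host is a placeholder.
AFM_URL = "https://afm.example.test:9443/arcotafm/master.jsp?profile=AFMprofilename"
AUTHN = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         b'ID="_constructed1" Version="2.0">%s</samlp:AuthnRequest>')
SIG = b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'

def sample_redirect():
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(AUTHN % b"") + comp.flush()
    qs = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                    "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                    "Signature": "Y29uc3RydWN0ZWQ="})  # constructed placeholder
    return "GET", AFM_URL + "&" + qs, ""

def sample_post():
    form = urlencode({"SAMLRequest": base64.b64encode(AUTHN % SIG).decode()})
    return "POST", AFM_URL, form

if __name__ == "__main__":
    for req in (sample_redirect(), sample_post()):
        binding, sig = classify_saml_request(*req)
        print(binding, sig, "OK" if binding == REQUIRED_BINDING else "MISMATCH")
```

A request classified as HTTP-Redirect while the Binding is expected to be POST matches the misconfiguration described in the Cause section.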
Additional Information:
None.