Error message: Couldn’t validate XML digital signature

Problem

You are unable to establish a successful connection to ADFS.

error_message.png

NOTE
If you establish a successful test connection and you are still experiencing issues, you might have incorrect attribute mappings or issues with the federation IDs. Contact customer support with questions.

Access requirements

You must have the following access to perform the steps in this article:

Adobe Workfront plan
Any
Adobe Workfront license
Plan
Access level configurations

You must be a Workfront administrator. For more information, see Grant a user full administrative access.

NOTE: If you still don't have access, ask your Workfront administrator if they set additional restrictions in your access level. For information on how a Workfront administrator can modify your access level, see Create or modify custom access levels.

Cause 1: The certificate is incorrect

Solution

Manually retrieve the Signing Certificate from the ADFS Server:

  1. In Windows, click Start > Administration > ADFS 2.0 Management.
    The ADFS 2.0 Management dialog box is displayed.

  2. Select Trust Relationship > Relying Party Trusts in the left-hand pane.

  3. Right-click on Relying Party Trust, and select Properties.

  4. Click on the Signature tab.

  5. Click on the name of the Signing Certificate, and click View.

  6. Click Copy to File…, and select Next.

  7. Select Base-64 encoded x.509 (CER), and click Next.

  8. Specify the file name, and click Next.

  9. Click Finish.

  10. In Adobe Workfront, navigate to Setup > System > Single Sign-On (SSO) and manually upload the Signing Certificate.

Cause 2: The certificate is signed using DSA when Workfront is expecting an RSA signature

Solution

Recreate the certificate and use the RSA signature instead of the DSA.

Cause 3: XML Data is incorrect

Solution

Re-export and re-import the XML metadata from the ADFS management system.

Cause 4: The request could not be performed due to an error on the SAML side

Solution

Contact your SAML provider.

recommendation-more-help
5f00cc6b-2202-40d6-bcd0-3ee0c2316b43