Skip to main content
hamburger menu Created with Sketch.
Veeva Support EU & US Holiday: May 29th - Limited staff, please plan accordingly

Search the Knowledge Base

Error: IdP Certificate Not Valid - Received by Vault SSO User(s)

  • Updated

Overview:

A user, assigned to an SSO Security Policy, is receiving an error: Can't validate Identity Provider signature.

Root Cause:

This error is caused by the SAML Response from the Identity Provider (IdP) not being properly signed, or the Identity Provider (IdP) Certificate not being valid.

Solution:

Vault requires that the entire SAML Response from the customer IdP be signed. Review the XML in the SAML Response with the IdP support team to ensure that the entire response is signed and not only a part of it, for example, only the assertion.
 
Also, check the IdP Certificate to be sure it is still valid. Check If the Certificate is expiring or is being changed only in the IdP or Vault, and not both of these environments.

Example: It can cause the SAML Response signature to not be valid. 

Related Documentation:

Vault Documentation: About SAML Response Signing

Powered by Zendesk