SSO Troubleshooting: The Assertion Of The Response Is Not Signed And The SP Requires It
Learn how to resolve a missing assertion signature error during SSO
What This Error Means
When attempting single sign‑on, Foundry displays the following error:
The Assertion of the Response is not signed and the SP requires it
This means the identity provider sent a SAML response, but the Assertion within that response was not digitally signed.
Why This Happens
Foundry acts as the service provider (SP) and requires the SAML Assertion to be signed using the identity provider’s signing certificate.
While some identity providers may sign the overall SAML Response, signing the response alone is not sufficient. Foundry specifically requires the Assertion inside the response to be signed.
How to Resolve the Issue
-
Open your identity provider configuration for the Foundry service provider
-
Review the SAML signing settings
-
Ensure the identity provider is configured to:
- Sign the SAML Assertion, not just the response
- Use the same signing certificate that is configured in Foundry
-
Save the configuration and retry the SSO login
Once the assertion is signed correctly, the login should succeed.