I am trying to set up single sign-on (SAML) for Dynatrace SaaS with Azure AD. After verifying the domain and applying both sets of metadata (SP and IdP) in Dynatrace and Azure, I am validating the configuration, which shows the message below in the browser.
You may close this window and return to the configuration page to view the validation results.
But when I check the validation results, it shows: "Saml Message has not been signed. Entire SAML Message needs to be signed."
I checked with the AD admin, and on the SAML Signing Certificate the status is active with the thumbprint, and the Signing Option is "Sign SAML response and assertion" with "SHA-256" as the Signing Algorithm.
Any idea what might be the issue? How can I fix it?
Have you gone carefully through https://www.dynatrace.com/support/help/how-to-use-dynatrace/user-management-and-sso/manage-users-and... ?
In particular, have you re-uploaded the Federated Metadata XML file after configuration changes in AD?
The issue is fixed. It was on the Azure AD side. As I mentioned earlier, the Signing Option I had selected was "Sign SAML response and assertion", and it was showing that way in the Azure portal as well, but when I sent the trace to support they saw that the SAML responses coming from AD were not fully signed (only the assertions were signed). Below is what they asked me to do:
• change Signing Option to Sign SAML response,
• change Signing Option to Sign SAML response and assertion again,
• validate configuration again (maybe after some time needed for Azure AD to be reconfigured).
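As an added example (not from this thread, Dynatrace, or Microsoft), the following Python script does the check that support did on the trace: take the base64 SAMLResponse captured from the browser (e.g. from a SAML-tracer extension or the form POST to the ACS URL), and report whether the Response element, the Assertion, or both carry an enveloped XML signature, mapped onto Azure AD's three signing option names. The sample responses are constructed inline with placeholder signature values; the script checks structure only and does not cryptographically verify anything, so it tells you which option the IdP is actually applying, not whether the signature is valid.

```python
"""Report which parts of a SAML 2.0 Response carry an enveloped XML signature.

Added example, not Dynatrace or Azure AD code. Sample Responses below are
constructed with placeholder signature values. For untrusted traces prefer
defusedxml.ElementTree over xml.etree to avoid entity-expansion attacks.
"""
import base64
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 protocol/assertion elements and XML-DSig.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIGNATURE = "{%s}Signature" % NS["ds"]


def _direct_signature(elem):
    """Return the ds:Signature that is a direct child of elem, or None.

    An enveloped signature sits directly under the element it signs, so a
    Signature nested inside saml:Assertion covers the Assertion only, not
    the enclosing samlp:Response.
    """
    for child in elem:
        if child.tag == DS_SIGNATURE:
            return child
    return None


def _is_signed(elem):
    """True if elem has a direct ds:Signature whose Reference URI is '#<elem ID>'."""
    sig = _direct_signature(elem)
    if sig is None:
        return False
    elem_id = elem.get("ID")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return bool(elem_id) and any(r.get("URI") == "#" + elem_id for r in refs)


def check_saml_signing(saml_response_b64):
    """Classify a base64-encoded SAMLResponse by which elements are signed."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response: %s" % root.tag)

    response_signed = _is_signed(root)
    assertions = root.findall("saml:Assertion", NS)
    assertion_signed = bool(assertions) and all(_is_signed(a) for a in assertions)

    # Labels follow the Azure AD "Signing Option" names.
    if response_signed and assertion_signed:
        option = "Sign SAML response and assertion"
    elif response_signed:
        option = "Sign SAML response"
    elif assertion_signed:
        option = "Sign SAML assertion"
    else:
        option = "unsigned"
    return {
        "response_signed": response_signed,
        "assertion_signed": assertion_signed,
        "signing_option": option,
    }


def _signature_xml(target_id):
    # Placeholder enveloped signature (constructed; SignatureValue is not real).
    return (
        f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
        f'<ds:Reference URI="#{target_id}"/></ds:SignedInfo>'
        "<ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>"
    )


def build_sample_response(sign_response, sign_assertion):
    """Construct a minimal base64 SAMLResponse with the requested signatures."""
    issuer = "<saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>"
    sig_r = _signature_xml("_r1") if sign_response else ""
    sig_a = _signature_xml("_a1") if sign_assertion else ""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0">'
        f"{issuer}{sig_r}"
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion ID="_a1" Version="2.0">{issuer}{sig_a}'
        "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # What the trace in this thread looked like (assertion only) vs. the fixed state.
    print("broken:", check_saml_signing(build_sample_response(False, True)))
    print("fixed: ", check_saml_signing(build_sample_response(True, True)))
```

Run it against a real trace by replacing the constructed sample with the SAMLResponse form field value. A result of "Sign SAML assertion" when the portal says "Sign SAML response and assertion" is exactly the mismatch this thread describes, and the toggle-away-and-back procedure above is the fix to try before re-uploading metadata on the Dynatrace side.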