
SSO for Dynatrace SaaS using Azure AD issue (Saml Message has not been signed. Entire SAML Message needs to be signed)

Cheikh_Ndiaye
Newcomer

Hello,

I am trying to set up single sign-on (SAML) for Dynatrace SaaS with Azure AD. After verifying the domain and applying both metadata (SP and IdP) in Dynatrace and Azure, I am validating the configuration, which is showing the below message in the browser.

"""

SAML configuration validation complete

You may close this window and return to the configuration page to view the validation results.

"""

But when I checked the configuration validation results, it is showing: "Saml Message has not been signed. Entire SAML Message needs to be signed."


I checked with the AD admin: on the SAML Signing certificate, the status is active with the Thumbprint, and the Signing option is "Sign SAML response and assertion" with "SHA-256" as the Signing Algorithm.

Any idea what might be the issue? How can I fix it?

Thank you

Cheikh


5 REPLIES

Radoslaw_Szulgo
Dynatrace Leader

Have you gone carefully through https://www.dynatrace.com/support/help/how-to-use-dynatrace/user-management-and-sso/manage-users-and... ?

Particularly, have you re-uploaded the Federated Metadata XML file after configuration changes in AD?


Technical Product Manager,
Dynatrace Managed expert

Thank you, Radoslaw. I have followed the instructions from the link for the configuration. I have now opened a ticket with the support team.

Thank you

Cheikh


Would be cool if you share the root cause and a solution if possible. Other community members might benefit when landing here.


Technical Product Manager,
Dynatrace Managed expert

ChadTurner
Leader

Yes, please share the root cause. We just had an issue with SSO as well. Ticket with Support now.


-Chad

Cheikh_Ndiaye
Newcomer

Hello,

The issue is fixed. It was on the Azure AD side. As I mentioned earlier, the Signing option I selected was "Sign SAML response and assertion" and it was showing on the Azure portal as well, but when I sent the trace to support they saw that the SAML responses coming from AD were not fully signed (only assertions were signed). Below is what they asked me to do:

• change Signing Option to Sign SAML response,

• save,

• change Signing Option to Sign SAML response and assertion again,

• save,

• validate configuration again (maybe after some time needed for Azure AD to be reconfigured).


Thank you

Cheikh
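
The root cause described above (assertion signed, enclosing Response not) can be confirmed from a captured, base64-decoded SAML Response before opening a ticket. This is an added example, not code from the thread, Dynatrace or Microsoft: the function names and the sample XML are constructed, and the check is structural only (it does not verify the signature cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _covers(elem):
    """True if elem has a direct-child ds:Signature whose Reference URI is elem's own ID."""
    sig = elem.find("ds:Signature", NS)  # direct children only, not descendants
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    eid = elem.get("ID")
    return ref is not None and eid is not None and ref.get("URI") == "#" + eid

def signing_scope(xml_text):
    """Report which parts of a decoded SAML Response carry an enveloped signature.
    Use only on a trace you captured yourself; this is not a validator."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": _covers(root),
        # Encrypted assertions are not inspected and count as not signed here.
        "assertions_signed": bool(assertions) and all(_covers(a) for a in assertions),
    }

def _sample(sign_response):
    """Constructed sample: signature values and certificates are omitted."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           '<ds:Reference URI="#{id}"/></ds:SignedInfo></ds:Signature>')
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
            + (sig.format(id="_resp1") if sign_response else "")
            + '<saml:Assertion ID="_assert1">' + sig.format(id="_assert1")
            + '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    # The state support found in the trace: only the assertion is signed.
    print(signing_scope(_sample(sign_response=False)))
    # The state expected after re-saving the Signing Option.
    print(signing_scope(_sample(sign_response=True)))
```

A result with `response_signed` false and `assertions_signed` true matches the "Saml Message has not been signed" validation error even when the portal shows "Sign SAML response and assertion".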