Can you help? Our SSO configuration is stuck at the "Validation" step.
There is a message on the configuration page: "SAML response and assertion is signed/unsigned?"
How do I check if the entire SAML message is signed or not? I have the SAML tracer extension installed. I need to go back to the IdP admin and show them evidence that the SAML message received from the IdP is not signed completely. I'm assuming here that the SAML message received from the IdP is not fully signed and Dynatrace now is showing the above message.
Has anyone encountered a similar issue? Please help.
You need to check if there is a <ds:Signature> element right under the <samlp:Response> element.
If not, it means that the whole Response (whole SAML message) is not signed.
Please note that if a <ds:Signature> element is only under <saml:Assertion>, then only the assertion is signed, which is not enough for Dynatrace SSO.
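The check described in the answer above can be scripted against the base64 SAMLResponse value captured in a browser trace (HTTP-POST binding). This is an added example, not part of the original thread and not Dynatrace code; the function names and the sample messages are constructed for illustration, and the script reports only where signatures are placed, not whether they verify.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _signed(element):
    """True if a ds:Signature is a DIRECT child of element and references its ID."""
    wanted = "#" + element.get("ID", "")
    for sig in element.findall("ds:Signature", NS):  # direct children only
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        if any(ref.get("URI") == wanted for ref in refs):
            return True
    return False

def signature_placement(saml_response_b64):
    """Report which parts of a base64-encoded SAMLResponse carry a signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": _signed(root),
        "assertions": len(assertions),
        "assertions_signed": sum(_signed(a) for a in assertions),
        # Encrypted assertions cannot be inspected without the SP's private key.
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

# Constructed sample data: the signature value is a placeholder, not a real signature.
_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
        '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>')

def _sample(resp_ref, assert_ref):
    """Build a constructed test message; a ref of None omits that signature."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    doc = ('<samlp:Response %s ID="_r1">%s<saml:Assertion ID="_a1">%s'
           '</saml:Assertion></samlp:Response>') % (
        xmlns, _SIG % resp_ref if resp_ref else "", _SIG % assert_ref if assert_ref else "")
    return base64.b64encode(doc.encode())

if __name__ == "__main__":
    print("assertion only:", signature_placement(_sample(None, "_a1")))
    print("response + assertion:", signature_placement(_sample("_r1", "_a1")))
```

A result with `response_signed` false and `assertions_signed` equal to `assertions` is the assertion-only case the answer describes, and that output together with the decoded XML is the evidence to hand to the IdP admin.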
@kajetan_k, the IdP team is signing assertions and sending them out. They are saying we need to upload the cert at the SP (Dynatrace) side to decrypt the request. Any idea if we can do it? I don't see anything like a certificate upload. Can you please help?
@AK, I'm not sure that I understand the request. Please advise the customer to read https://www.dynatrace.com/support/help/how-to-use-dynatrace/user-management-and-sso/manage-users-and... and if something is not clear, to contact Dynatrace Support.