Error detection

If there is a mismatch between the signature algorithm used by the SAML Session Provider and the configuration in AD FS or PingFederate, the error will show up in different ways:

  • If the SAML Session Provider is configured to sign AuthnRequests, the following error may be logged during authentication: "Invalid status in response from IdP: null!" Note that this error may have other causes, which may be further explained in the AD FS event log.

  • During logout from Ming.le, a generic error message may be displayed in the browser. If the error is due to mismatched signature algorithms, the AD FS event log will contain event ID 327, with error code MSIS7093, saying that the signature algorithm used was not the expected one.

In both cases, the problem is solved by ensuring that the configured signature algorithms match in the SAML Session Provider and in the IdP.