SSO Issues

I’m getting “WPSAMLERR003 : Unsigned Response or Assertion”. What should I do?

226 views April 18, 2025 0

Error Code Description

No signature was found in the SAML Response or Assertion.

Solution

It is required by the SAML 2.0 standard that either the response or assertion is signed. Please enable the same in your IDP.



Follow the steps below to resolve the error for the IdPs listed:

  • Okta as IdP
  • KeyCloak as IdP


Configuration steps for Okta as IdP:

Follow the steps below to resolve the ERROR WPSAMLERR003 for Okta:

  • Once you are in the Okta Admin Dashboard, navigate to the Applications tab and select the application that you have created.
  • Navigate to Applications tab
  • Select the General tab and scroll down to the SAML Settings, and click on Edit.
  • In General tab scroll down to SAML Setting
  • Click on Next button.
  • Click on Next button
  • Click on the Show Advanced Settings.
  • Show Advanced Settings
  • For the fields Response and Assertion Signature, the dropdown option would be selected as Unsigned by default.
  • Assertion Encryption
  • For the Response or Assertion Signature field, select Signed as value from the dropdown. [ You can also enable both dropdown as signed ]
  • Sign Response and Assertion
  • Scroll down and click on Next button.
  • Click on Next button
  • Click on Finish button.
  • Click on Finish button
  • Finally, In the WordPress SAML SSO plugin, go to the Service Provider Setup tab of the plugin.
  • Click on Test Configuration to check if the ERROR WPSAMLERR003 for Okta has been resolved. If the error is fixed, the test is successful.
  • Test Configuration
Configuration steps for KeyCloak as IdP:

Follow the steps below to resolve the ERROR WPSAMLERR003 for KeyCloak:

  • Once you are in the Keycloak Admin console, click on Clients tab from the left menu and then click on the client/application which you have created.
  • Click on Clients tab
  • In the Settings tab only go to the Signature and Encryption section.
  • Click on Settings tab
  • As per the SAML 2.0 standard, either the Sign Documents or Sign Assertion must be signed. Please enable either one or both.
  • Enable Sign Documents or Sign Assertions or both
  • Finally, In the WordPress SAML SSO plugin, go to the Service Provider Setup tab of the plugin.
  • Click on Test Configuration to check if the ERROR WPSAMLERR003 for KeyCloak has been resolved. If the error is fixed, the test is successful.
  • Test Configuration

Feel free to reach us at samlsupport@xecurify.com

Was this helpful?


Hello there!

Need Help? We are right here!

support