Lasso Error 440 while receiving SAML response from AzureAD
Hi Entrouvert Team,
I hope you can help.
I have a problem while configuring SAML SSO for Apache with Azure AD as the IdP.
For Apache, mod_auth_mellon is used, which uses lasso as its SSO library (lasso version 2.5.1).
The problem is as follows:
The redirect to the IdP works fine. After successful authentication the IdP sends the response to the SP (auth_mellon).
"auth_mellon" then reported:
Error processing authn response. Lasso error:  The profile cannot verify a signature on the message, SAML Response: StatusCode1="urn:oasis:names:tc:SAML:2.0:status:Success"
So that deals with LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE error.
The error occurs in the mod_auth_mellon function "auth_mellon_handler.c" at the lasso function: "lasso_login_process_authn_response_msg(login, saml_response)".
It does not matter if we use RSA-SHA1 or RSA-SHA256 as signing algorithm on IdP side.
I checked the SAML Response with the public (signing) key from Azure AD in an online SAML checker tool (https://8gwifi.org/samlverifysign.jsp).
The signature is valid (for SHA1 and SHA256).
Any ideas why lasso thinks the signature is invalid?
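
A local check for the situation described above, as an added example that is not part of the original post or of lasso/mod_auth_mellon: it reports which element of the response carries a signature and whether the certificate embedded in that signature is among the signing certificates in the IdP metadata the SP was given. All function names and sample data are assumptions constructed for illustration; the script compares certificates only and does not verify the signature itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_cert):
    """SHA-256 of the DER bytes of a base64 X509Certificate value."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_fps(metadata_xml):
    """Fingerprints of the IdP certificates the metadata allows for signing."""
    fps = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # a missing 'use' covers signing too
            fps.update(fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS))
    return fps

def signed_elements(response_xml):
    """Map each signed element (Response, Assertion) to its embedded cert fingerprint."""
    root = ET.fromstring(response_xml)
    found = {}
    for name, el in [("Response", root)] + [("Assertion", a) for a in root.iterfind("saml:Assertion", NS)]:
        sig = el.find("ds:Signature", NS)  # direct child only: the element's own signature
        if sig is not None:
            cert = sig.find(".//ds:X509Certificate", NS)
            found[name] = fingerprint(cert.text) if cert is not None else None
    return found

def check(response_xml, metadata_xml):
    """For each signed element: is its embedded certificate one the metadata lists?"""
    trusted = metadata_signing_fps(metadata_xml)
    return {name: fp in trusted for name, fp in signed_elements(response_xml).items()}

# Constructed sample data: placeholder bytes, not real certificates or Azure AD output.
CERT_A = base64.b64encode(b"constructed-cert-A").decode()
CERT_B = base64.b64encode(b"constructed-cert-B").decode()
KEYINFO = "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
SAMPLE_METADATA = (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}"><md:IDPSSODescriptor>'
                   f'<md:KeyDescriptor use="signing">{KEYINFO.format(CERT_A)}</md:KeyDescriptor>'
                   '</md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(cert):
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
            f'<saml:Assertion><ds:Signature>{KEYINFO.format(cert)}</ds:Signature></saml:Assertion>'
            '</samlp:Response>')
```

With real data, pass the base64-decoded SAMLResponse XML and the contents of the IdP metadata file to `check()`; a `False` entry means the signing certificate in the message is not one the metadata lists.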