How to fix the SAML Error Request not signed. Policy requires signed authentication requests

Mahesh Bandaru 20 Reputation points
2023-12-15T05:53:43.1+00:00

I followed the steps in this guide: https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy. However, on the last step, when trying to test my SAML setup with the provided Test App, I get the following error:

[enter image description here](https://i.stack.imgur.com/eAFkb.png)


Accepted answer
  1. James Hamil 26,486 Reputation points Microsoft Employee
    2023-12-15T21:00:47.14+00:00

    Hi @Mahesh Bandaru , this error message indicates that the authentication request sent by your application to Azure AD B2C is not signed, but the policy requires signed authentication requests. To fix this issue, you need to ensure that your application is sending a signed authentication request to Azure AD B2C.

    Here are some steps you can follow to troubleshoot this issue:

    1. Check your application's SAML configuration to ensure that it is configured to sign authentication requests. You can refer to your application's documentation or contact the application vendor for guidance on how to configure SAML signing.
    2. Check the SAML authentication request that your application is sending to Azure AD B2C. You can use a SAML tracer tool to capture the request and inspect it to see if it is signed. If the request is not signed, you need to update your application's SAML configuration to sign the request.
    3. If you have configured your application to sign the authentication request, but it is still not being signed, you may need to check the SAML metadata for your application to ensure that it is correctly configured to sign requests.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
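
The check described in step 2 of the answer, as an added example that is not part of the original answer or of Microsoft's documentation: it decodes a captured `SAMLRequest` and reports whether a signature is present, covering both the HTTP-Redirect binding (signature in the `Signature` and `SigAlg` query parameters) and the HTTP-POST binding (embedded `ds:Signature` element). The sample request, the `idp.example` and `sp.example` names, and the placeholder signature value are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def signature_status(captured):
    """captured: a full HTTP-Redirect URL, or the base64 SAMLRequest form field (HTTP-POST)."""
    if captured.startswith(("http://", "https://")):
        qs = parse_qs(urlsplit(captured).query)
        # Redirect binding: base64 of raw DEFLATE; the signature travels in the query string.
        root = ET.fromstring(zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15))
        binding = "HTTP-Redirect"
        signed = "Signature" in qs and "SigAlg" in qs
    else:
        # POST binding: plain base64; the signature is a ds:Signature child of the request.
        root = ET.fromstring(base64.b64decode(captured))
        binding = "HTTP-POST"
        signed = root.find(DS + "Signature") is not None
    # Presence check only: this does not validate the signature value.
    return {"binding": binding, "signed": signed, "id": root.get("ID"),
            "issuer": root.findtext(SAML + "Issuer")}

# Constructed sample AuthnRequest (not captured from a real application).
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
          'Version="2.0" IssueInstant="2023-12-15T00:00:00Z">'
          '<saml:Issuer>https://sp.example/constructed</saml:Issuer>'
          '</samlp:AuthnRequest>')

def make_redirect_url(xml, signed):
    """Build a constructed redirect URL; the Signature value is a placeholder, not a real one."""
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = "Q09OU1RSVUNURUQ="
    return "https://idp.example/sso?" + urlencode(params)

if __name__ == "__main__":
    for with_signature in (False, True):
        print(signature_status(make_redirect_url(SAMPLE, with_signature)))
    print(signature_status(base64.b64encode(SAMPLE.encode()).decode()))
```

Paste the URL or form field captured by a SAML tracer into `signature_status`, and only parse requests captured from your own application, since `xml.etree.ElementTree` is not hardened against hostile XML.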

