Symantec IGA


  • 1.  Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Posted Jan 05, 2026 04:29 AM

    Hi All,

    I am using Vapp 14.5 with IP, where IP is enabled for single sign-on using SAML integration to my IdP. My IdP is Keycloak v26.

    Firstly, IP is able to integrate with my IdP (Keycloak) using no assertion encryption.

    Next, I uploaded a new certificate into IP and changed the Request Decryption key to use this new cert. I saved the setting and exported the SP metadata.

    Then I took this SP metadata and loaded it into my IdP (Keycloak) client. The settings loaded correctly with the same new cert.

    Next, when I tested the login on the Sigma page, it was able to redirect to my IdP login page, so I signed in with username & password. After that the page showed an error.

    When I checked the IP log, I saw this error: Exception occured in verifySamlResponseSignature Verification failed.

    On the SAML tracer, I have this result.

    Has anyone faced this issue before?

    regards,

    William



    -------------------------------------------


  • 2.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Broadcom Employee
    Posted Jan 06, 2026 01:30 AM

    Hi William,

    The Export SP metadata will not export the above certificate that you created.

    You need to manually export and import this certificate into your IDP and configure the same for encryption.

    Thanks,

    Yogitha.

    -------------------------------------------



  • 3.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Posted Jan 06, 2026 02:15 AM

    Hi Yogitha,

    I have checked my IdP; the cert for encryption is loaded correctly.

    I have a new finding: in my IdP client SP setting, by default these 2 settings are turned on: Sign Document & Sign Assertion.

    If I turn off both settings, then my SP decryption works (the user is able to log in).

    It seems like when SAML Assertion Encryption is turned on together with Sign Documents=on and Sign Assertion=on, the IdentityPortal login doesn't work.

    As per my understanding, modern IdP & SP SAML integration works together when all 3 are on -> assertion encryption is ON, sign document is ON and sign assertion is ON.

    regards,

    William

    -------------------------------------------



  • 4.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Broadcom Employee
    Posted Jan 06, 2026 10:25 AM

    No customer has reported this issue as of now. It is supposed to work.

    Can you enable only Sign Assertions and check whether it's working or not?

    If problem persists, open a support ticket.

    Thanks,

    Chendra.

    -------------------------------------------



  • 5.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Posted Jan 06, 2026 06:37 PM
    Edited by William Cheang Jan 06, 2026 10:32 PM

    Hi Chendra,

    I have opened the ticket below:

    80041632 - IdentityPortal (SP) integrated using SAML - when Request Decryption key is turned on, Portal login is not working.

    I will try with sign assertion only together with encrypt assertion.

    FYI, I noticed other IdPs provide this SAML option where signing is either Assertion or Response; there is no "both" option.

    regards,

    William

    -------------------------------------------



  • 6.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Broadcom Employee
    Posted Jan 08, 2026 01:15 AM

    Are you sure that you uploaded the SP public to your IDP (Keycloak) and set the same key for the encryption?

    Regards,

    Chendra Shekar Gadangi

    Identity Governance & Administration

    Broadcom





  • 7.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Posted Jan 08, 2026 01:49 AM

    Hi Chendra,

    This is the exported IP-SPMetadata.xml file from IdentityPortal.

    It contains the certificate info and the tag use=encryption.

    After importing this IP-SPmetadata.xml into my Keycloak SAML client, Encrypt Assertion is automatically turned on and loaded with the certificate, which is the same cert.

    regards,

    William

    -------------------------------------------



  • 8.  RE: Vapp - Identity Portal v14.5 SAML sign-on error when enabled with Encrypt SAML Assertion

    Posted Jan 07, 2026 08:10 PM

    Hi Chendra,

    I have tested with only Sign Assertion enabled together with Encrypt Assertions, and the Sigma portal login works.

    It seems like SAML integration does not work when Encrypt Assertion is enabled together with the Sign Documents feature.

    regards,

    William

    -------------------------------------------
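The thread above turns on three independent settings (Response/document signing, assertion signing, assertion encryption) and on whether the IdP really holds the SP's use="encryption" certificate from the exported metadata. The following is an added troubleshooting example, not code from the thread, Identity Portal or Keycloak: it parses a constructed SP metadata document and a constructed SAML Response with Python's standard library, reports which of the three protections the Response carries, checks that the IdP's encryption certificate equals the SP metadata's use="encryption" certificate, and lists the order in which an SP must process such a message (verify the outer Response signature on the untouched document, then decrypt, then verify any signature on the now-visible assertion). Entity IDs, certificate bodies and signature values are placeholders. It does no real XML-DSig or XML-Enc processing; it only shows what a working SP has to verify, and in which order, for the combination that failed here.

```python
"""Added example: inspect SAML SP metadata and a SAML Response for the settings
discussed in the thread. Constructed sample documents, placeholder cert values."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed SP metadata (hypothetical entityID, placeholder certificate text).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/portal">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>SIGNCERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        ENC CERT
        PLACEHOLDER
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed Response: signed at the Response ("document") level, assertion encrypted.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""


def normalize_cert(text):
    """Drop PEM armour, line breaks and spaces so certs from different exports compare equal."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("-----")]
    return "".join(lines).replace(" ", "")


def sp_certificates(metadata_xml):
    """Map use -> normalized cert for every KeyDescriptor in the SP metadata.
    A KeyDescriptor without a 'use' attribute applies to both signing and encryption."""
    root = ET.fromstring(metadata_xml)
    certs = {}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        cert_el = kd.find(".//ds:X509Certificate", NS)
        if cert_el is None or not cert_el.text:
            continue
        use = kd.get("use")
        for u in ([use] if use else ["signing", "encryption"]):
            certs[u] = normalize_cert(cert_el.text)
    return certs


def encryption_cert_matches(metadata_xml, idp_cert_text):
    """True when the cert the IdP encrypts to equals the SP's use="encryption" cert."""
    certs = sp_certificates(metadata_xml)
    return "encryption" in certs and certs["encryption"] == normalize_cert(idp_cert_text)


def inspect_response(response_xml):
    """Report which protections a SAML Response carries before any decryption."""
    root = ET.fromstring(response_xml)
    plain = root.find("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        # A signature on an encrypted assertion is not visible until after decryption.
        "assertion_signed_visible": plain is not None and plain.find("ds:Signature", NS) is not None,
    }


def verification_plan(flags):
    """Processing order for an SP: the outer signature covers the ciphertext as sent, so
    verify it first on the untouched document; decrypt only afterwards; then check the
    assertion's own signature, which can only be seen once the plaintext is available."""
    steps = []
    if flags["response_signed"]:
        steps.append("verify_response_signature")
    if flags["assertion_encrypted"]:
        steps.append("decrypt_assertion")
    steps.append("verify_assertion_signature_if_present")
    return steps


if __name__ == "__main__":
    flags = inspect_response(SAML_RESPONSE)
    print(flags, verification_plan(flags))
    print(encryption_cert_matches(SP_METADATA, "ENC CERT PLACEHOLDER"))
```

When the SP logs a signature-verification failure only with the Response-level signature plus encryption enabled, the plan above is the thing to compare against the SP's actual behaviour: verifying the outer signature after decryption (or against a canonicalized copy that differs from what the IdP signed) fails even though every certificate is correct, whereas a mismatched encryption certificate would fail at the decrypt step instead.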