|Applies To||Federated Identity Management Module (FIM) 4.1|
|Issue||FIM "The response signature cannot be verified" message is not very descriptive.|
The FIM server throws the following exception:
com.rsa.fim.profile.sso.SSOProfileException: Exception encountered at the top-level of the profile bean: The response signature cannot be verified: The message is signed, but the signature cannot be verified
|Cause||The exception gives little detail about why signature validation failed. The same exception is thrown if anything is wrong with the trusted certificate or its chain.|
This has been resolved in hotfix 4.1 HF_30 for RSA Federated Identity Manager (FIM) 4.1. Contact RSA Customer Support and request this hotfix or the latest cumulative hotfix for your platform.
This hotfix introduced the following additional detail in the system event log if there is a certificate validation failure:
"ApacheXMLSecurityImpl does not support this XMLSignature format"
|Legacy Article ID||a52320|