When the token-signing certificate that Active Directory Federation Services (ADFS) uses to sign the Security Assertion Markup Language (SAML) response no longer matches the certificate stored in the SAML Administration module of your website, sign-in fails with the error "Login Failed – Cannot validate SAML token." This typically happens after the ADFS certificate has been renewed or rolled over. You can fix this error by updating the Signature Verification Certificate in the SAML Administration module of your CivicEngage Central website using the following steps. If you need any assistance performing these steps, please reach out to CivicEngage Technical Support.
Who can use this feature?
This requires System Administrator permissions.

- Navigate to Modules > Site Tools > SAML Administration
- Uncheck the box next to Signature Signing and Verification
- Delete the certificate inside the Signature Verification Certificate box so it is empty
- Scroll back up and click Save Changes
- In a new tab, navigate to https://[your website domain]/common/admin/rebuildcache.aspx to rebuild your site cache. You should see a blank page.
- Go back to the SAML Administration module tab and check the box next to Signature Signing and Verification
- Click Save Changes
- Sign in to the website using ADFS
- The new certificate has now been automatically populated into the database. It will not appear in the Signature Signing and Verification field until after an app pool recycles your website (which occurs every night). You can check back after this to see the new certificate populated in this field.
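The error above is, at its core, a certificate mismatch: the `ds:X509Certificate` carried inside the signed SAML response is not the certificate the website has on file. Because the procedure clears the stored certificate and lets the site take whatever certificate the next ADFS sign-in presents, it is worth confirming, before you start and again once the field is repopulated, that the certificate ADFS is actually presenting is the one you expect (its SHA-1 thumbprint should match the Token-Signing certificate shown in the ADFS console). The following Python script is an added example written for this article; it is not CivicEngage or ADFS code. It takes a base64-encoded `SAMLResponse` (the value posted to the website during sign-in, which you can capture from the browser's developer tools) and a PEM copy of the configured verification certificate, and reports whether their thumbprints agree. The certificate bytes and SAML response used here are constructed stand-ins so the script runs offline; thumbprints are computed over the raw DER bytes, so the comparison works the same way on real certificates. It only compares certificates; it does not validate the XML signature itself.

```python
"""Compare the signing certificate carried in a SAML response with the
certificate configured on the website (service provider) side.

Standard library only. Sample data below is constructed for illustration.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armour lines and decode the base64 body to DER bytes."""
    lines = [line.strip() for line in pem.splitlines()]
    body = [line for line in lines if line and not line.startswith("-----")]
    return base64.b64decode("".join(body))


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes: the 'Thumbprint' value shown by Windows and ADFS tooling."""
    return hashlib.sha1(der).hexdigest().upper()


def signing_cert_thumbprints(saml_response_b64: str) -> list[str]:
    """Decode a base64 SAMLResponse and return the thumbprint of every
    ds:X509Certificate element found in it (normally exactly one)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = []
    for node in root.iter(f"{{{DSIG_NS}}}X509Certificate"):
        # Certificate text is base64 DER, often wrapped across lines.
        der = base64.b64decode("".join((node.text or "").split()))
        found.append(thumbprint(der))
    return found


def check_certificate_match(saml_response_b64: str, configured_pem: str) -> dict:
    """Report the configured thumbprint, the presented thumbprint(s), and whether they agree."""
    configured = thumbprint(pem_to_der(configured_pem))
    presented = signing_cert_thumbprints(saml_response_b64)
    return {"configured": configured, "presented": presented, "match": configured in presented}


# ---- Constructed sample data (not real X.509 structures) -------------------
def _pem(der: bytes) -> str:
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


OLD_IDP_CERT_DER = b"constructed ADFS token-signing certificate (before rollover)"
NEW_IDP_CERT_DER = b"constructed ADFS token-signing certificate (after rollover)"
OLD_CERT_PEM = _pem(OLD_IDP_CERT_DER)  # what a stale SAML Administration entry would hold
NEW_CERT_PEM = _pem(NEW_IDP_CERT_DER)  # what the field should hold after the fix

# Minimal constructed response: ADFS is now signing with the rolled-over certificate.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{DSIG_NS}" ID="_constructed-response" Version="2.0">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{base64.b64encode(NEW_IDP_CERT_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


if __name__ == "__main__":
    for label, pem in (("stale entry", OLD_CERT_PEM), ("updated entry", NEW_CERT_PEM)):
        result = check_certificate_match(SAMPLE_RESPONSE_B64, pem)
        status = "OK" if result["match"] else "MISMATCH (expect 'Cannot validate SAML token')"
        print(f"{label}: {status}")
        print(f"  configured: {result['configured']}")
        print(f"  presented:  {', '.join(result['presented'])}")
```

Run against a real capture, the "stale entry" case reproduces the condition the article describes, and the "updated entry" case is what you should see after the field repopulates; if the presented thumbprint does not match the Token-Signing certificate in ADFS, stop and investigate before re-enabling Signature Signing and Verification.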