I have upgraded to Splunk 7.0.0, and I am encountering with "Verification of SAML assertion using the IDP's certificate provided failed. Error: Failed to verify signature with cert :S:\Splunk\etc\auth\idpCerts\idpCert.pem;" error. My earlier version with 6.6.3 was stable
Hello Could you please see if
Let me know how it goes. Also if this does not solve your problem would it be possible to list the files and directories directly under $SPLUNK_HOME/etc/auth/idpCerts . You dont have to paste the contents of the file, just the file names themselves should be sufficient.
I was also experiencing this issue after upgrading from Splunk 6.5.0 to 7.0.0. I did have cert1.pem and cert2.pem files sitting in $SPLUNKHOME/etc/auth/idpCerts prior to and after the upgrade. It seems that when the MSI runs an in place upgrade it may not be able to account for the new idpCertChain1 storage location. Simply moving the files to this location did not correct the problem. It wasn't until I worked with support and went through the whole process of setting up SAML again that the issue was corrected by putting the root CA cert and the AD FS token signing cert in the IdP certificate chains free text box of the SAML configuration page. Once we did this, Splunk rebuilt the cert1.pem and cert2.pem files inside of the new $SPLUNKHOME/etc/auth/idpCerts/idpCertChain1 folder and it started working correctly.