Error "Invalid SAML response received: SAML Response signature is invalid" when logging into Panther using Google WorkSpace SSO
Issue
I enabled SSO and performed all the documented steps, but I'm unable to log into Panther using SSO via Google Workspace. I'm getting the error message Invalid SAML response received: SAML Response signature is invalid.
Resolution
To resolve this issue, follow these steps:
- Navigate to your IdP’s application configuration page and then fetch the updated metadata file.
- Open the Panther Console.
- Navigate to the configuration for SAML section of our Identity & Access tab in the General Settings.
- Replace the existing metadata file with the updated metadata file.
For additional troubleshooting:
To identify more details about this behavior, please check the Network tab of the Developer Tools in your browser and keep a note of the Name and Status columns, in order to gather additional context about the issue.
In addition, please confirm inside of Google that the SAML attribute mappings match what’s described in our documentation for creating the GSuite app. Specifically these three:
- PantherEmail
- PantherFirstName
- PantherLastName
Cause
The URL in the login page gives us a hint that there’s something wrong with the SAML assertion signature. The issue is expected to be resolved when following the steps described above.