AADSTS76021: The request sent by client is not signed while the application requires signed requests

Question

AADSTS76021: The request sent by client is not signed while the application requires signed requests

Ran Shtivi 10

The request is signed but still I get this issue

 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>
            </Reference>
        </SignedInfo>

Request Id: 1b6fbc5e-39b5-4e8d-a3ff-7c8f43163500

Correlation Id: a96de4fe-1ef6-4378-b8e7-39a370791f48

Timestamp: 2023-02-13T09:53:15Z

Message: AADSTS76021: The request sent by client is not signed while the application requires signed requests

ADELGERGIOSS-8881 1 Reputation point

2023-02-27T02:37:48.7+00:00

HP Support for Windows 11 & Windows 10_ How to Upgrade & Fix Problems / ADEL-PC 👍❤️✅😊
Thomas Vaudry-Read 0 Reputation points

2023-05-25T22:54:50.72+00:00

@Ran Shtivi @Sandeep G-MSFT Were you able to resolve this issue? I am encountering the same and do not know what is wrong.

1 answer

Your answer

ADELGERGIOSS-8881 1 Reputation point

2023-02-27T02:37:48.7+00:00

HP Support for Windows 11 & Windows 10_ How to Upgrade & Fix Problems / ADEL-PC 👍❤️✅😊
Thomas Vaudry-Read 0 Reputation points

2023-05-25T22:54:50.72+00:00

@Ran Shtivi @Sandeep G-MSFT Were you able to resolve this issue? I am encountering the same and do not know what is wrong.

Answer 1

Sandeep G-MSFT 20,911 Microsoft Employee Moderator

@Ran Shtivi

This error comes in when you have enabled one of the preview feature "SAML Request Signature Verification" and when either the application is not sending the signed SAML authentication request to AAD or in Azure AD you have not uploaded the correct certificate for it to validate the authentication request.

To fix this issue you can check and confirm if correct certificate is uploaded. To check this you can follow below steps,

Login to Azure AD portal.
Access Azure active directory blade.
Click on Enterprise applications blade.
Once you see list of all configured application you can click on the application for which you are getting an error.
Click on Single sign-on blade and then look at "Verification certificates (optional) (Preview)" on the right pane.

User's image

Confirm if the certificate uploaded is the correct one.

If Azure AD has the correct certificate then the issue might be from the application side. Application might not be sending the signed SAML authentication request to AAD.

Let me know if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Ran Shtivi 10

No its not working

when I dont use signed request feature it work

but with I use it I get this error.

im pretty sure the request is signed properly(saml added).

what can cause this issue ?

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     ID="id5f47a12faaab456b88b2cb2eeaa0bca1"
                     Version="2.0"
                     IssueInstant="2023-02-26T07:26:43Z"
                     Destination="https://login.microsoftonline.com/***97b2-05973e24f64f/saml2"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     AssertionConsumerServiceURL="https://**-webapplication-staging.tenbis.cloud/Account/Saml2SignOnResponse"
                     >
    <saml2:Issuer>https://***.tenbis.cloud</saml2:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <Reference URI="#id5f47a12faaab456b88b2cb2eeaa0bca1">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>QjZsC76/ox6JYvx9gSpZvRckMCS2dtlhg0vpvz5FQ6A=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>qC0feDsRpGPIKIMTW8MGj/p6dz8YJd****T5RVL4yU3rAm0w==</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIIDTTCCAjWgAwIBAgIQfvDnCr***kqhkiG9w0BAQshvcNAQEBBQADg****************</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</saml2p:AuthnRequest>

Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator

2023-02-27T02:40:48.9033333+00:00

@Ran Shtivi

Let's troubleshoot this issue offline.

Please send us an email on azcommunity [at] microsoft [dot] com with Sub - Attn: Sandeg and following details in the email body: Link to this thread/post We can connect offline and discuss further on this.
SAGAR PATIL 0 Reputation points

2024-11-20T09:06:56.3233333+00:00

Were u able resolve the issue in my case also same issue i am using Java and building sso url request but i am getting like this

Share via

AADSTS76021: The request sent by client is not signed while the application requires signed requests

1 answer

Your answer