How to fix the problem "Message: AADSTS500132: Assertion is malformed and cannot be read."
Hi there,
We implemented an SSO solution for our Office 365 tenant to RSA-Security using the SAML 2.0 protocol. We developed the SAML provider ourselves.
Here is our flow:
- Federating our domain to our own login page, which can receive SAML requests from O365
- Users browse to the O365 login page of Microsoft.
- O365 will redirect users to our login page on RSA-Security
- Our own login page will authenticate and respond to O365 by sending the SAML Response assertion back to O365
- We cannot log in to our O365 tenants, with the error: "Message: AADSTS500132: Assertion is malformed and cannot be read".
We have checked the SAML tracer files we collected: the SAML request and response look normal to us, and in the SAML response RSA is sending “success”, which means the authentication was successful from the RSA-Security side.
Also from the user event monitor on RSA-Security Cloud we could observe that authentication was performed successfully and the assertion was sent successfully for the user.
We researched but can't find out the reason for this phenomenon.
Could anyone check and give us any explanation?
Thanks so much
Regards,
Roberto
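
One way to inspect the captured SAMLResponse outside the browser, as an added example that is not part of the original post: it decodes the Base64 form value, parses the XML, and lists structural problems in the Response and its Assertion. It assumes the value is already URL-decoded; the function name, the sample message and the list of checks are assumptions made for this example, the post does not say which condition the service rejects, and the signature itself is not verified.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, not taken from the post; every value is a placeholder.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>')

def check_saml_response(form_value):
    """Return a list of structural problems in a Base64 SAMLResponse value."""
    try:
        xml_bytes = base64.b64decode(form_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        return [f"not valid Base64: {exc}"]
    if b"<!DOCTYPE" in xml_bytes:  # a SAML message has no reason to carry a DTD
        return ["contains a DOCTYPE declaration"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "{%s}Response" % NS["samlp"]:
        problems.append(f"root element is {root.tag}, not samlp:Response")
    # Elements in the wrong namespace (or none) are not found by these lookups.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + [f"expected exactly 1 saml:Assertion, found {len(assertions)}"]
    assertion = assertions[0]
    for path, label in (("saml:Issuer", "Issuer"),
                        ("saml:Subject/saml:NameID", "Subject/NameID")):
        node = assertion.find(path, NS)
        if node is None or not (node.text or "").strip():
            problems.append(f"{label} is missing or empty")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a ds:Signature")
    return problems

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_XML.encode()).decode()
    print(check_saml_response(encoded) or "no structural problems found")
```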