During an upgrade to early Jakarta, single sign-on through Multi SSO or SAML could fail. The error message indicates an invalid signature. Users may not be able to login using SSO authentication.
Steps to Reproduce
If the customer has SAML enabled either through the MultiSSO plugin or any of the older SAML plugins and the authn requests are signed, the customer will not be able to login during upgrade. This happens when upgrading from releases below or same as Helsinki to newest releases like Jakarta.
You will recognize this problem because the instance is in the process of upgrading and users using SSO authentication would not be able to login.
This problem is fixed since Jakarta Patch 6.
On previous instances, there are several workarounds available. You could either:
- On the sys_properties table, set 'glide.authenticate.external.use_redirect_page' value to false.
- Wait until the instance Upgrade completes.
Also if the users are already set up for an alternate login like DB based or LDAP based, they can go to side_door.do or login.do and login using those credentials.
Related Problem: PRB1191689