When troubleshooting Single Sign-On (SSO) login issues in Salesforce, administrators use the SAML Assertion Validator tool (accessible via Setup > Single Sign-On Settings > SAML Assertion Validator) to validate SAML responses from their Identity Provider (IdP).
SAML (Security Assertion Markup Language) is the industry-standard protocol used for Single Sign-On (SSO) authentication between Salesforce and external identity providers such as Okta, Microsoft Azure AD, and PingFederate. When a user logs in via SSO, the IdP generates a SAML response — a digitally signed XML document — and sends it to Salesforce.
If a SAML response that was successfully used to log into Salesforce is incorrectly decoded (for example, it contains extra whitespace or line breaks from copy-pasting) before being passed to the SAML Validator, the validator will report:
"The signature in the response is not valid."
This error does not necessarily mean the original SSO login had an invalid signature — it means the SAML response was improperly formatted before being submitted to the validator.
To resolve this error, capture the SAML response correctly using one of the following tools and validate it in the Salesforce SAML Validator. The SAML Validator accepts both plain text and base64-encoded SAML responses.
SAML Tracer is a browser extension for Mozilla Firefox that captures SAML transactions.
Axiom is a web-based SAML testing tool available at http://axiomsso.herokuapp.com/Home.action that acts as a test Identity Provider (IdP).
Fiddler is a web traffic inspection tool that can capture HTTP/HTTPS requests including SSO flows.
[MyDomain].my.salesforce.com) with the path /?so=[OrgId] (for example, /?so=00D00000000xxxx).When correctly validated, the SAML Validator will confirm: "The signature in the response is valid. OK."
000388106

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.