Thank you for your patience. After working closely with affected customers, we believe the issue is now resolved.
We have also confirmed that for Ping Identity, both Always Sign Assertion and Sign Response As Required under the Signature Policy must be set to true for SSO to function properly.
If you still experience log-in issues after following the steps outlined in this incident, please contact our Customer Care team for assistance.
Posted Mar 27, 2025 - 15:18 CDT
Update
Since we cannot determine whether customers' Identity Providers (IDPs) validate SAML signatures, our teams have proactively contacted all customers using Single Sign-On (SSO) with a SAML certificate.
While the issue has primarily affected Ping Identity customers, we have also identified potential impacts on Microsoft Active Directory Federation Service (ADFS) customers, who may need to enforce signing SAML authentication requests.
Summary: Following our early morning Tenfold Unplanned Security Update—v5.30.1 Release, https://status.tenfold.com/incidents/4y87xksbfyfz, some Tenfold customers are experiencing Single Sign-On (SSO) login issues.
The most common error occurs after entering the SSO Organization or domain name in the Corporate Login tab of dashboard.tenfold.com, the UI, or the Chrome Extension. Users may see an "Invalid Signature" error, preventing them from logging in.
Who is Affected? Some SSO customers using Tenfold have Identity Providers that do not validate SAML request signatures, resulting in unsigned signatures.
How do you fix it? The impacted Identity Provider (IDP) currently appears to be Ping Identity. To resolve this, work with your IDP Admin to update the settings: