No idea why this is happening, our SAML assertion keeps failing with a 403 Forbidden: Invalid Signature error when testing the SSO integration. We are currently migrating from Zendesk to Genesys Cloud and trying to replicate our existing SSO setup. In Zendesk, we simply uploaded the IdP metadata XML, and it worked instantly. Here, we are following the admin console steps for SAML configuration, but the login redirect loops back to the IdP.
The environment is Genesys Cloud EU (eu-01). We have verified the ACS URL matches the one provided in the Genesys admin portal. The Entity ID also seems correct. However, when we check the IdP logs, the signature validation fails. Is there a specific certificate format or signing algorithm preference in Genesys Cloud that differs from Zendesk? Zendesk accepted our SHA-256 certificates without issue. I have tried regenerating the keys, but the result is the same. Any insights on common pitfalls during this specific migration step would be greatly appreciated.