Bug
Resolution: Not A Defect
Major
Dear,
I am running a new Jenkins LTS installation for our test environment.
Jenkins version : Jenkins 2.361.3
SAML plugin : 2.333.vc81e525974a_c
After SAML configuration on Jenkins application, I'm getting the following error when performing a "log in".
I'm getting properly authenticated to the Azure AD Enterprise Application which redirects me to the following Jenkins page:
"You are now logged out of Jenkins, however this has not logged you out of SAML."
Following the Jenkins troubleshooting page, I've created a Jenkins log recorder that listens on
org.jenkinsci.plugins.saml (FINEST)
org.pac4j (FINE)
The following log events are captured
Decoded SAML relay state of: https://test-jenkins.eurocontrol.int/securityRealm/finishLogin
Nov 30, 2022 12:44:46 PM FINE org.pac4j.saml.transport.Pac4jHTTPPostDecoder doDecode
Decoded SAML message
Nov 30, 2022 12:44:46 PM SEVERE org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator validateSamlSSOResponse
Current assertion validation failed, continue with the next one
org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
    at org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator.validateSignature(AbstractSAML2ResponseValidator.java:147)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertionSignature(SAML2AuthnResponseValidator.java:616)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:371)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:293)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:140)
saml-idp-metadata.xml & saml-sp-metadata.xml are properly saved in the home folder of the Jenkins process
What causes this specific issue? Why is the signature not trusted?
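One check a practitioner can run for the "Signature is not trusted" error above, added here as an example (it is not from the reporter or the Jenkins SAML plugin): compare the signing certificates listed in an IdP metadata file such as saml-idp-metadata.xml with the certificate embedded in a base64-decoded SAML response. The function names, the sample XML and the certificate bytes are constructed for illustration, and the script assumes the response carries its certificate in ds:KeyInfo.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_cert):
    """SHA-256 of the DER bytes held in a ds:X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Certificates the SP trusts: IdP KeyDescriptors with use="signing" or no use."""
    fps = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            fps.update(fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS))
    return fps

def response_signing_fingerprints(response_xml):
    """Certificates embedded in any ds:Signature of the response or its assertions."""
    root = ET.fromstring(response_xml)
    return {fingerprint(c.text) for c in root.iterfind(".//ds:Signature//ds:X509Certificate", NS)}

def untrusted_signers(metadata_xml, response_xml):
    """Fingerprints that signed the response but are absent from the IdP metadata.
    An empty set means the key is listed; it does not verify the signature itself."""
    return response_signing_fingerprints(response_xml) - idp_signing_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
CERT_A = base64.b64encode(b"constructed-cert-A").decode()
CERT_B = base64.b64encode(b"constructed-cert-B").decode()
KEYINFO = ('<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
           '<ds:X509Certificate>{}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')
SAMPLE_METADATA = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
                   '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">'
                   + KEYINFO.format(CERT_A) +
                   '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')
SAMPLE_RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
                   '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
                   '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                   + KEYINFO.format(CERT_B) +
                   '</ds:Signature></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for fp in sorted(untrusted_signers(SAMPLE_METADATA, SAMPLE_RESPONSE)):
        print("response signed with a certificate not in IdP metadata:", fp)
```
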