So, I just encountered an error where vCD suddenly would not authenticate our SAML users with ADFS SSO.
After some troubleshooting, I found this in vcloud-container-debug.log:
org.opensaml.xml.validation.ValidationException: Signature is not trusted or invalid
org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
As it turns out, our ADFS servers had recently issued new self-signed certs for token-decryption and token-signing, and today they started to use these new certificates, causing the vCD SAML connection to fail. In order to resolve this, I had to download the SAML2 metadata XML file again and import it in the Federation setting on vCD for this tenant. After doing so, things started to work properly again.
Just a quick tip if anyone else runs into this issue.
This guide was used to set up the SAML2 from start:
Big thanks to that author!
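
A check for the certificate rollover described above, as an added example that is not part of the original post: it compares the signing-certificate fingerprints in the metadata XML that was imported into vCD with those in the metadata the IdP publishes now. The sample metadata, the adfs.example entity ID and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the IdP signing certificates in SAML2 metadata."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute covers signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return prints

def compare_trust(imported_xml, current_xml):
    """Diff the metadata imported into the SP against what the IdP publishes now."""
    imported = signing_fingerprints(imported_xml)
    current = signing_fingerprints(current_xml)
    return {"still_trusted": sorted(imported & current),
            "new_at_idp": sorted(current - imported),   # re-import needed
            "stale_at_sp": sorted(imported - current)}  # no longer published

def constructed_metadata(keys):
    # Constructed sample: placeholder bytes stand in for real X.509 DER data,
    # and adfs.example is a made-up entity ID.
    kds = "".join(
        '<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        '%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        % (use, base64.b64encode(raw).decode()) for use, raw in keys)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
            'entityID="http://adfs.example/adfs/services/trust">'
            '<md:IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">%s</md:IDPSSODescriptor>'
            '</md:EntityDescriptor>' % (NS["md"], NS["ds"], kds))

IMPORTED = constructed_metadata([("signing", b"old-sign"), ("encryption", b"old-enc")])
PENDING = constructed_metadata([("signing", b"old-sign"), ("signing", b"new-sign")])
ROLLED = constructed_metadata([("signing", b"new-sign"), ("encryption", b"new-enc")])

if __name__ == "__main__":
    for label, doc in (("pending", PENDING), ("rolled", ROLLED)):
        print(label, compare_trust(IMPORTED, doc))
```

An empty still_trusted list is the state that produces the "Signature is not trusted or invalid" error; a non-empty new_at_idp list while still_trusted is populated means the metadata can be re-imported before the new certificate goes into use.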