ForgeRock Identity Cloud

SignatureDoesNotMatch error and push notifications are not working in Identity Cloud

Last updated Jan 25, 2023

The purpose of this article is to provide assistance if you receive a 403 SignatureDoesNotMatch error and notice push notifications are not working in ForgeRock Identity Cloud.


Push notifications are not working in the staging or production environments after promoting changes but still work in the development environment.

You may see the following error:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (Service: AmazonSNS; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: ad4a64de-2387-5eeb-baf3-78e86d5f76e9; Proxy: null)\n\tat

Recent Changes

Configured the Push Notification service with an encrypted secret. 

Promoted configuration.


The encrypted secret (AWS Secret Access Key in this instance) has been added directly to the Push Notification service. All encrypted secrets must be created as ESV secrets; otherwise, they will not be promoted and/or work as expected.


This issue can be resolved by creating an ESV secret for the AWS Secret Access Key in your development environment. Ensure the ESV name exists in your staging and production environments before you promote your changes.

See Introduction to ESVs for further information.
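
A pre-promotion check for the condition described above, as an added example that is not ForgeRock's code: it flags a secret field holding an inline value instead of an ESV reference, and any referenced ESV that is missing from an environment. The `&{esv...}` placeholder form, the configuration layout, the key names and the ESV name are assumptions constructed for illustration.

```python
import re

# Assumption: a secret stored as an ESV is referenced in exported
# configuration by a placeholder of the form &{esv.some.name}.
ESV_PLACEHOLDER = re.compile(r"^&\{(esv\.[A-Za-z0-9.]+)\}$")


def check_secret_fields(config, secret_paths, esv_names_by_env):
    """Return findings that would break a secret after promotion.

    config           -- exported configuration as nested dicts
    secret_paths     -- tuples of keys locating each secret-bearing field
    esv_names_by_env -- {environment name: set of ESV names defined there}
    """
    findings = []
    for path in secret_paths:
        value = config
        for key in path:
            value = value[key]
        label = ".".join(path)
        match = ESV_PLACEHOLDER.match(value) if isinstance(value, str) else None
        if match is None:
            # Secret was entered directly on the service (the cause in this article).
            findings.append(f"{label}: inline value, not an ESV reference")
            continue
        name = match.group(1)
        # The ESV name must exist in every environment the change is promoted to.
        for env, names in sorted(esv_names_by_env.items()):
            if name not in names:
                findings.append(f"{label}: {name} is not defined in {env}")
    return findings


# Constructed sample data: key names, layout and values are hypothetical.
PUSH_SECRET = ("pushNotification", "secret")
INLINE_CONFIG = {"pushNotification": {"accessKey": "AKIAEXAMPLEKEY",
                                      "secret": "constructed-encrypted-value"}}
ESV_CONFIG = {"pushNotification": {"accessKey": "AKIAEXAMPLEKEY",
                                   "secret": "&{esv.push.sns.secret}"}}
ENVIRONMENTS = {
    "development": {"esv.push.sns.secret"},
    "staging": {"esv.push.sns.secret"},
    "production": set(),  # ESV not yet created here
}

if __name__ == "__main__":
    for cfg in (INLINE_CONFIG, ESV_CONFIG):
        for finding in check_secret_fields(cfg, [PUSH_SECRET], ENVIRONMENTS):
            print(finding)
```
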

See Also

How To Configure Service Credentials (Push Auth, Docker) in Backstage

FAQ: Push Services in Identity Cloud and AM

Push Services in Identity Cloud and AM
