Intermittent FIM "error failed to validate signature value"
Originally Published: 2015-05-08
Article Number
000060533
Applies To
RSA Product Set: FIM
RSA Product/Service Type: Federated Identity Management Module
RSA Version/Condition: 4.2
Platform: UNIX
O/S Version: Solaris 10
Issue
RSA FIM logs the following error intermittently:

2015-04-23 16:22:30,274, server1, (DSigHelper.java:547), Fim, , , , Signature Verification failed SAMLSignedObject.verify() failed to validate signature value
Cause

This error means that the signature on the SAML message could not be validated against the certificate in the JKS truststore. If it occurs for every request, the certificate in the JKS truststore is most likely not the one the partner is using to sign. If it occurs only intermittently, the SAML payload may have been corrupted in transit, or the digest calculated over the signed XML on the verifying side does not match the one the partner calculated when signing.

The way the XML transforms (canonicalization) are applied, and the way the document is encoded and decoded, both determine the exact octets that are hashed, and therefore the digest derived from the signed data. Any difference in those octets between signer and verifier, even one byte, yields a different digest and a failed signature check.

For example, if the SAML assertion contains attributes whose values carry UTF-8 encoded data, hashing produces a different digest whenever one side serializes those values with a different character set than the other.

This is a known issue with PING Federate 5.1 and earlier when the digest calculation is done on UNIX and the attribute values contain extended (non-ASCII) characters in UTF-8 format. Because only assertions that carry such characters are affected, the failure shows up for some users and not others, which is why the error appears intermittent.

For example, the following attribute, whose value contains French accented characters, results in an incorrect digest calculation:

<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Frédérique</saml:AttributeValue>
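To make the digest mismatch concrete, the following is an added Python example; it is not RSA FIM or PING Federate code, and the article does not describe the exact mechanism of the PING Federate defect. The example assumes one plausible mechanism, a signer hashing the signed XML serialized with the JVM's default charset instead of UTF-8, and shows that the verifier, which hashes the UTF-8 message it received, then computes a different DigestValue for the attribute above while an ASCII-only value still verifies. The SAML fragment, the attribute names and the SHA-1 digest method are constructed for illustration. It also includes a small diagnostic that lists attribute values containing extended characters, which is the check to run over the assertions of the users who hit the error.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: an AttributeStatement wrapping the attribute quoted in
# the article plus an ASCII-only one. Names and values are made up.
SAMPLE_STATEMENT = (
    f'<saml:AttributeStatement xmlns:saml="{SAML_NS}">'
    '<saml:Attribute Name="givenName">'
    '<saml:AttributeValue xsi:type="xs:string"'
    ' xmlns:xs="http://www.w3.org/2001/XMLSchema"'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    'Fr\u00e9d\u00e9rique</saml:AttributeValue>'
    '</saml:Attribute>'
    '<saml:Attribute Name="uid">'
    '<saml:AttributeValue xsi:type="xs:string"'
    ' xmlns:xs="http://www.w3.org/2001/XMLSchema"'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    'fdupont</saml:AttributeValue>'
    '</saml:Attribute>'
    '</saml:AttributeStatement>'
)


def digest_value(octets: bytes) -> str:
    """SHA-1 of the octets, base64-encoded as carried in ds:DigestValue.

    SHA-1 is what a 2015-era SAML deployment typically referenced; the
    mismatch demonstrated below does not depend on the hash algorithm.
    """
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def signer_digest(xml_text: str, charset: str = "utf-8") -> str:
    """Digest as computed by the signing side.

    XML-DSig requires the canonical form to be serialized as UTF-8. A signer
    that instead hashes bytes produced with the JVM's default charset (for
    example String.getBytes() with no argument on a host whose locale is
    C/POSIX or ISO-8859-1) hashes different octets whenever the text is not
    pure ASCII. ``charset`` models that default (an assumption, see the
    lead-in); 'utf-8' is the correct behaviour.
    """
    return digest_value(xml_text.encode(charset, errors="replace"))


def verifier_digest(received: bytes) -> str:
    """Digest as computed by the verifying side (FIM here).

    The verifier parses the UTF-8 message it received and hashes the canonical
    UTF-8 serialization. Real C14N also normalizes attribute order, namespace
    declarations and whitespace; the sample is already in canonical form, so
    the serialization is simply the UTF-8 bytes of the parsed text.
    """
    return digest_value(received.decode("utf-8").encode("utf-8"))


def verify_reference(received: bytes, claimed_digest: str) -> bool:
    """The ds:Reference check: the recomputed digest must equal the signed one."""
    return verifier_digest(received) == claimed_digest


def non_ascii_attribute_values(xml_text: str) -> list:
    """Diagnostic: (Name, value) pairs whose value has characters outside US-ASCII.

    Run over the assertions of users who hit the intermittent error to confirm
    the failures line up with extended characters rather than, say, a wrong
    truststore certificate (which would fail for every user).
    """
    root = ET.fromstring(xml_text)
    hits = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
            text = value.text or ""
            if any(ord(ch) > 0x7F for ch in text):
                hits.append((attr.get("Name", ""), text))
    return hits


if __name__ == "__main__":
    on_the_wire = SAMPLE_STATEMENT.encode("utf-8")
    for charset in ("utf-8", "iso-8859-1", "ascii"):
        claimed = signer_digest(SAMPLE_STATEMENT, charset)
        print(f"signer charset {charset:<11} DigestValue={claimed} "
              f"verifies={verify_reference(on_the_wire, claimed)}")
    print("attribute values with extended characters:",
          non_ascii_attribute_values(SAMPLE_STATEMENT))
```

Only the "utf-8" signer line verifies; the "iso-8859-1" and "ascii" runs produce a different DigestValue for the same message because the single character é is serialized as one byte (or replaced by "?") instead of the two UTF-8 bytes the verifier hashes. Replace the accented value with plain ASCII and all three agree, which is the intermittent pattern the article describes.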


Resolution
This is resolved in PING Federate 5.2 and later; the partner signing the SAML messages should upgrade to 5.2 or later. If the error occurs for every request rather than intermittently, check instead that the certificate in the JKS truststore matches the partner's current signing certificate.