Digitaliser.dk

OIOSAML

Former forum for Brugerstyring SWB. OIOSAML.java - Certificate problem? Signature validation

Responsible: Susan Oldenburg Christensen
Published: 17.08.2010
Type: Document

Written by Sébastien PIAU — Old date format: 2009 April 01 18:30

Hello,

As a newbie I don't know how to deal with this error:

2009-04-01 17:58:47,375 WARN [OIOSamlObject] -
org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
    at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
    at dk.itst.oiosaml.sp.model.OIOSamlObject.verifySignature(OIOSamlObject.java:179)
    at dk.itst.oiosaml.sp.model.OIOResponse.validateResponse(OIOResponse.java:107)
    at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleSAMLResponse(SAMLAssertionConsumerHandler.java:128)
    at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handlePost(SAMLAssertionConsumerHandler.java:91)
    at dk.itst.oiosaml.sp.service.DispatcherServlet.doPost(DispatcherServlet.java:161)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:595)

It should be a common certificate problem; I haven't experienced this kind of problem yet.
Can anybody explain the signature validation scheme to me?

Regards,

Sébastien
 
Re: Certificate problem? Signature validation
Written by Joakim Recht — Old date format: 2009 April 02 15:49

Hi

This happens when the IdP certificate does not match the one in the IdP metadata file. Either you're using the wrong metadata, or the IdP is not configured correctly.

Regards,
Joakim
   
Re: Certificate problem? Signature validation
Written by Sébastien PIAU — Old date format: 2009 April 06 18:26
 
Joakim,


I'll try to explain to you what occurs exactly:

1) Our partner sends me an assertion response as an XML file. While reading it, I have the following problem:

2009-04-06 18:13:01,828 ERROR [DispatcherServlet] -
java.lang.IllegalArgumentException: No metadata found for federation.gsk.com
    at dk.itst.oiosaml.sp.metadata.IdpMetadata.getMetadata(IdpMetadata.java:124)

2) If I try to make the Idp metadata file myself, no certificate is found.

3) I've tried to add the certificate myself (with a public certificate from my partner), but it seems to be wrong, as you can see previously.


I want to be sure not to have forgotten something important in the configuration step. Could you help me please?

Thanks.

Sebastien
 
Re: Certificate problem? Signature validation
Written by Joakim Recht — Old date format: 2009 April 08 19:25

Hi

The error indicates that the response comes from an IdP for which you have no metadata (federation.gsk.com). Check your IdP metadata files and make sure there is one .xml file which contains an EntityDescriptor with EntityID="federation.gsk.com"
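
Added example (not part of the original thread and not OIOSAML code): a small Python diagnostic for the two causes named in the replies above, a response whose issuer has no EntityDescriptor in the local IdP metadata, and a certificate in the response that differs from the one in that metadata. The function names, status strings, `idp.example.org` and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def cert_fingerprints(element):
    """SHA-256 fingerprints of every ds:X509Certificate at or below element."""
    ders = (base64.b64decode("".join((c.text or "").split()))
            for c in element.iter(f"{{{DS}}}X509Certificate"))
    return {hashlib.sha256(der).hexdigest() for der in ders}

def diagnose(response_xml, metadata_docs):
    """Classify a SAML response against local IdP metadata: (status, issuer)."""
    response = ET.fromstring(response_xml)
    issuer = (response.findtext(f"{{{SAML}}}Issuer") or "").strip()
    for doc in metadata_docs:
        for entity in ET.fromstring(doc).iter(f"{{{MD}}}EntityDescriptor"):
            if entity.get("entityID") != issuer:
                continue
            trusted = cert_fingerprints(entity)
            if not trusted:
                return "no-certificate-in-metadata", issuer
            # The embedded certificate is only compared, never trusted.
            presented = cert_fingerprints(response)
            if presented and not presented & trusted:
                return "certificate-mismatch", issuer
            return "metadata-entry-found", issuer
    return "no-metadata-for-issuer", issuer

# Constructed sample data; placeholder bytes stand in for DER certificates.
def key_info(cert):
    return (f'<ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data><ds:X509Certificate>'
            f'{base64.b64encode(cert).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

def sample_metadata(entity_id, cert=None):
    key = f'<KeyDescriptor use="signing">{key_info(cert)}</KeyDescriptor>' if cert else ""
    return (f'<EntityDescriptor xmlns="{MD}" entityID="{entity_id}">'
            f'<IDPSSODescriptor>{key}</IDPSSODescriptor></EntityDescriptor>')

def sample_response(issuer, cert):
    return (f'<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="{SAML}">'
            f'{issuer}</Issuer><ds:Signature xmlns:ds="{DS}">{key_info(cert)}</ds:Signature></Response>')

if __name__ == "__main__":
    md = [sample_metadata("idp.example.org", b"constructed-cert-A")]
    print(diagnose(sample_response("federation.gsk.com", b"constructed-cert-A"), md))
    print(diagnose(sample_response("idp.example.org", b"constructed-cert-B"), md))
```

The SAML metadata schema spells the attribute `entityID`, and XML attribute names are case-sensitive. A `metadata-entry-found` result only shows that the configuration lines up; the service provider still has to validate the signature against the metadata certificate.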
