
Former forum for Brugerstyring SWB. OIOSAML.java - Certificate problem? Signature validation


Written by Sébastien PIAU — Old date format: 2009 April 01 18:30

Hello,

As a newbie I don't know how to deal with this error:

2009-04-01 17:58:47,375 WARN [OIOSamlObject] -
org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
    at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
    at dk.itst.oiosaml.sp.model.OIOSamlObject.verifySignature(OIOSamlObject.java:179)
    at dk.itst.oiosaml.sp.model.OIOResponse.validateResponse(OIOResponse.java:107)
    at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handleSAMLResponse(SAMLAssertionConsumerHandler.java:128)
    at dk.itst.oiosaml.sp.service.SAMLAssertionConsumerHandler.handlePost(SAMLAssertionConsumerHandler.java:91)
    at dk.itst.oiosaml.sp.service.DispatcherServlet.doPost(DispatcherServlet.java:161)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
    at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:595)

It should be a common certificate problem; I haven't experienced this kind of problem yet.
Can anybody explain the signature validation scheme to me?

Regards,

Sébastien
 
Re: Certificate problem? Signature validation
Written by Joakim Recht — Old date format: 2009 April 02 15:49

Hi

This happens when the IdP certificate does not match the one in the IdP metadata file. Either you're using the wrong metadata, or the IdP is not configured correctly.

Regards,
Joakim
   
Re: Certificate problem? Signature validation
Written by Sébastien PIAU — Old date format: 2009 April 06 18:26
 
Joakim,


I'll try to explain to you exactly what occurs:

1) Our partner sends me an assertion response as an XML file. While reading it, I have the following problem:

2009-04-06 18:13:01,828 ERROR [DispatcherServlet] -
java.lang.IllegalArgumentException: No metadata found for federation.gsk.com
    at dk.itst.oiosaml.sp.metadata.IdpMetadata.getMetadata(IdpMetadata.java:124)

2) If I try to make the IdP metadata file myself, no certificate is found.

3) I've tried to add the certificate myself (with a public certificate from my partner), but it seems to be wrong, as you can see previously.


I want to be sure not to have forgotten something important in the configuration step. Could you help me please?

Thanks.

Sebastien
 
Re: Certificate problem? Signature validation
Written by Joakim Recht — Old date format: 2009 April 08 19:25

Hi

The error indicates that the response comes from an IdP for which you have no metadata (federation.gsk.com). Check your IdP metadata files and make sure there is one .xml file which contains an EntityDescriptor with EntityID="federation.gsk.com"
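
The two checks described in the replies above (is there metadata for the Response issuer, and does its signing certificate match the one the IdP used), written as an added diagnostic example; it is not part of the thread or of OIOSAML.java. The function names and sample helpers are hypothetical, and the sample "certificates" are constructed placeholder bytes.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def fingerprint(b64_cert):
    # SHA-256 of the decoded certificate bytes; base64 line breaks are ignored.
    return hashlib.sha256(base64.b64decode("".join((b64_cert or "").split()))).hexdigest()

def idp_signing_certs(metadata_docs):
    # entityID -> fingerprints of the signing certificates in IDPSSODescriptor.
    found = {}
    for doc in metadata_docs:
        for ent in ET.fromstring(doc).iter("{%s}EntityDescriptor" % NS["md"]):
            fps = found.setdefault(ent.get("entityID"), set())
            for kd in ent.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
                if kd.get("use") in (None, "signing"):
                    fps.update(fingerprint(c.text)
                               for c in kd.iterfind(".//ds:X509Certificate", NS))
    return found

def diagnose(response_xml, metadata_docs):
    root = ET.fromstring(response_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    certs = idp_signing_certs(metadata_docs)
    if issuer not in certs:
        return "no-metadata"       # matches "No metadata found for <issuer>"
    if not certs[issuer]:
        return "no-certificate"    # descriptor exists but carries no signing key
    embedded = root.find(".//ds:X509Certificate", NS)
    if embedded is None:
        return "no-embedded-cert"  # nothing to compare; ask the IdP operator
    # Diagnostic only: trust must come from the metadata, never from the message.
    return "match" if fingerprint(embedded.text) in certs[issuer] else "mismatch"

# Constructed sample documents (placeholder certificate bytes, not real X.509).
def sample_metadata(entity_id, cert):
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            '<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo>'
            '<ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>'
            '</ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor>'
            '</md:EntityDescriptor>' % (NS["md"], NS["ds"], entity_id, cert))

def sample_response(issuer, cert):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="%s" xmlns:ds="%s"><saml:Issuer>%s</saml:Issuer><ds:Signature>'
            '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>'
            % (NS["saml"], NS["ds"], issuer, cert))
```

Feed `diagnose` the captured Response and the contents of every `.xml` file in the SP's IdP metadata directory; a `mismatch` result corresponds to the first stack trace in the thread, `no-metadata` to the second.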