Loading…
Tilbage

Tidligere forum for Brugerstyring SWB. OIOSAML.NET - The signatur of the incoming message is invalid


Skrevet af wally highsmith — Gammelt datoformat: 2009 april 16 22:31

I keep getting the error: "The signature of the incoming message is invalid."  The error is coming from:

if

(!endp.OmitAssertionSignatureCheck)if (!assertion.CheckSignature(GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp)))

I've double and triple checked my certificate registrations and permissions.  I've gone through the metadata process several times, but still no luck. Any thoughts or suggestions?

Thanks.

 
Re: The signature of the incoming message is invalid
 Skrevet af wally highsmith — Gammelt datoformat: 2009 april 17 00:26
 More Info:

From an exception generated in:

IsSatisfiedBy(

The X.509 certificate CN=IdentityProvider, O=NITA, C=DK chain building failed.

The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.

The revocation function was unable to check revocation for the certificate.


Previously wally highsmith wrote:

 

I keep getting the error: "The signature of the incoming message is invalid."  The error is coming from:

 

if


(!endp.OmitAssertionSignatureCheck)if (!assertion.CheckSignature(GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp)))

 


I've double and triple checked my certificate registrations and permissions.  I've gone through the metadata process several times, but still no luck. Any thoughts or suggestions?

 

Thanks.
 
Re: The signature of the incoming message is invalid
Skrevet af Jørn Floor Andersen — Gammelt datoformat: 2009 juli 30 15:13

Wally, 

Did you find a solution for this problem?

Thanks.

Re: The signature of the incoming message is invalid
Skrevet af Martin Strandbygaard — Gammelt datoformat: 2009 oktober 14 19:35

Not sure if it's still relevant, but here's a possible solution:

Make sure you have a correct IDPEndpoints entry in the SAML20 section in your service provider web.config.

You'll get that error if you're missing an entry for the IdP you're authenticating with, because it uses the IDPEndpoints entry for the certificate validation implementation, and it makes a non-optimale default decision if it can't properly resolve the IdP you're authenticating with.

Post the SAML20 section from you're SP web.config and I'll confirm if it's the case.

Brgds