Spring til login

Digitaliser.dk

Sektioner

Aktuel side

Gruppens profilbillede

OIOSAML

301 medlemmer | Medlemsskab via fri tilmelding (Bliv medlem - kræver login )

Tidligere forum for Brugerstyring SWB. OIOSAML.NET - The signatur of the incoming message is invalid

Ansvarlig: Susan Oldenburg Christensen
Publiceret: 17.08.2010 14:24
Type: Dokument

Skrevet af wally highsmith — Gammelt datoformat: 2009 april 16 22:31

I keep getting the error: "The signature of the incoming message is invalid."  The error is coming from:

if

(!endp.OmitAssertionSignatureCheck)if (!assertion.CheckSignature(GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp)))

I've double and triple checked my certificate registrations and permissions.  I've gone through the metadata process several times, but still no luck. Any thoughts or suggestions?

Thanks.

 
Re: The signature of the incoming message is invalid
 Skrevet af wally highsmith — Gammelt datoformat: 2009 april 17 00:26
 More Info:

From an exception generated in:

IsSatisfiedBy(

The X.509 certificate CN=IdentityProvider, O=NITA, C=DK chain building failed.

The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode.

The revocation function was unable to check revocation for the certificate.


Previously wally highsmith wrote:

 

I keep getting the error: "The signature of the incoming message is invalid."  The error is coming from:

 

if


(!endp.OmitAssertionSignatureCheck)if (!assertion.CheckSignature(GetTrustedSigners(endp.metadata.GetKeys(KeyTypes.signing), endp)))

 


I've double and triple checked my certificate registrations and permissions.  I've gone through the metadata process several times, but still no luck. Any thoughts or suggestions?

 

Thanks.
 
Re: The signature of the incoming message is invalid
Skrevet af Jørn Floor Andersen — Gammelt datoformat: 2009 juli 30 15:13

Wally, 

Did you find a solution for this problem?

Thanks.

Re: The signature of the incoming message is invalid
Skrevet af Martin Strandbygaard — Gammelt datoformat: 2009 oktober 14 19:35

Not sure if it's still relevant, but here's a possible solution:

Make sure you have a correct IDPEndpoints entry in the SAML20 section in your service provider web.config.

You'll get that error if you're missing an entry for the IdP you're authenticating with, because it uses the IDPEndpoints entry for the certificate validation implementation, and it makes a non-optimale default decision if it can't properly resolve the IdP you're authenticating with.

Post the SAML20 section from you're SP web.config and I'll confirm if it's the case.

Brgds

Flere oplysninger

Artefakter

Klassifikationer

Indlæg til ressource

Ønsker du at skrive indlæg eller blot kommentere indlæg,
skal du være oprettet som bruger og logget ind.

Opret dig som Ny bruger    eller Log ind    

Tilføj fil(er)

En ny fil vil overskrive en eksisterende fil, hvis begge filer har samme navn og samme ekstension.

Tags

Tilføj dine egne tags

- (kræver login)

Andre brugeres tags til ressourcen

Der er ikke tilknyttet tags fra andre brugere

Minimér boks
Versioner
Version Dato
Ukendt (valgte) 17.08.2010 14:24 Vis supplerende information ...

Digitaliseringsstyrelsen