1 Reply Latest reply: Jun 7, 2012 11:15 PM by Arshad Noor

    SAMLUtils.checkSignatureValid: Couldn't verify signature.

    user10427465
      Hi,

      When I try the SAML post, I receive the below error message.

      </ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_2a1708489b7c0a59481ab12aaf855362" IssueInstant="2012-03-27T18:21:36Z" Issuer="econnectng07.test.com:443" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2012-03-27T18:21:36Z" NotOnOrAfter="2012-03-27T18:26:36Z"/><saml:AuthenticationStatement AuthenticationInstant="2012-03-27T18:21:02Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">uid=test,ou=People,ou=AMIND,dc=amat,dc=com </saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:SubjectLocality IPAddress="10.208.155.122"/></saml:AuthenticationStatement></saml:Assertion></samlp:Response>
      libSAML:03/27/2012 11:21:37:067 AM PDT: Thread[service-j2ee-103,5,main]
      getWSSTTokenProfilePublicKey: entering
      libSAML:03/27/2012 11:21:37:067 AM PDT: Thread[service-j2ee-103,5,main]
      Could not find a KeyInfo, try to use certAlias
      libSAML:03/27/2012 11:21:37:068 AM PDT: Thread[service-j2ee-103,5,main]
      SAMLUtils.checkSignatureValid: Couldn't verify signature.
      libSAML:03/27/2012 11:21:37:068 AM PDT: Thread[service-j2ee-103,5,main]
      verifyResponse: Response's signature is invalid.
      libSAML:03/27/2012 11:21:37:069 AM PDT: Thread[service-j2ee-103,5,main]
      SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
      libSAML2:03/27/2012 11:21:41:021 AM PDT: Thread[SystemTimerPool,5,main]
      CacheCleanUpRunnable.run:

      This is a SAML 1 post and I have the client certificate imported in my SAML keystore also. Appreciate your help.
      libSAML:03/27/2012 11:22:34:002 AM PDT: Thread[SystemTimerPool,5,main]
      Clean up runnable wakes up..
      libSAML:03/27/2012 11:22:34:002 AM PDT: Thread[SystemTimerPool,5,main]
      AssertionManager::CleanUpThread::number of assertions in IdEntryMap:0
      [root@dca-ldap-stg1 debug]# pwd
        • 1. Re: SAMLUtils.checkSignatureValid: Couldn't verify signature.
          Arshad Noor
          You've cut off the digital signature from the SAML response in your posting, and haven't provided any information about the digital certificate in your keystore. How can one respond to your problem?

          Is the client certificate in your keystore responsible for signing the SAML assertion? If not, do you have the SAML service's digital certificate accessible to your verifier program in your keystore? If not, you need to import the signer's digital certificate into your keystore, verify that it is there, and then run your program again.

          Arshad Noor
          StrongAuth, Inc.
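
A triage sketch for the question the reply raises, added here as an example and not code from the thread or from the SAML library: it reports whether a signed Response carries its signer's certificate in `ds:KeyInfo` (the log above shows it did not, so the verifier fell back to `certAlias`) and whether that certificate's fingerprint is among those in the keystore. The function names, status strings and sample messages are constructed for illustration, and the code does not verify the signature itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

def signer_cert_status(response_xml, keystore_fingerprints):
    """Say where the verifier must get the signer's certificate from.
    keystore_fingerprints: SHA-256 hex of certs in the verifier's keystore."""
    if "<!DOCTYPE" in response_xml:  # SAML messages carry no DTDs or entities
        raise ValueError("DTD not allowed")
    root = ET.fromstring(response_xml)
    sig = root.find("ds:Signature", NS)  # signature on the Response itself
    if sig is None:
        return "unsigned"
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        # Matches the log: "Could not find a KeyInfo, try to use certAlias".
        return "no-keyinfo"
    der = base64.b64decode("".join(cert.text.split()))
    fingerprint = hashlib.sha256(der).hexdigest()
    # An embedded certificate only names the signer; trust must still come
    # from the keystore, so an unknown fingerprint is reported as missing.
    return "cert-in-keystore" if fingerprint in keystore_fingerprints else "cert-missing"

def build_response(signature_xml):
    """Constructed, minimal SAML 1.x Response wrapper (sample data only)."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' + signature_xml +
            '<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>'
            '</samlp:Response>')

# Constructed bytes standing in for a DER certificate; only hashed, never parsed.
FAKE_DER = b"constructed-placeholder-for-signer-certificate"
FAKE_FP = hashlib.sha256(FAKE_DER).hexdigest()
UNSIGNED = build_response("")
NO_KEYINFO = build_response(
    "<ds:Signature><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>")
WITH_KEYINFO = build_response(
    "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
    + base64.b64encode(FAKE_DER).decode()
    + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>")

if __name__ == "__main__":
    for name, msg in [("unsigned", UNSIGNED), ("no KeyInfo", NO_KEYINFO), ("KeyInfo", WITH_KEYINFO)]:
        print(name, "->", signer_cert_status(msg, {FAKE_FP}))
```

A `no-keyinfo` or `cert-missing` result means the signer's certificate has to be imported into the verifier's keystore before the signature can be checked.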