1 Reply Latest reply: Jun 7, 2012 9:15 PM by 802607 RSS

SAMLUtils.checkSignatureValid: Couldn't verify signature.

811192 Newbie
Hi,

When I try the SAML post, I receive the error message below.

</ds:Signature><samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_2a1708489b7c0a59481ab12aaf855362" IssueInstant="2012-03-27T18:21:36Z" Issuer="econnectng07.test.com:443" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2012-03-27T18:21:36Z" NotOnOrAfter="2012-03-27T18:26:36Z"/><saml:AuthenticationStatement AuthenticationInstant="2012-03-27T18:21:02Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:HardwareToken"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">uid=test,ou=People,ou=AMIND,dc=amat,dc=com </saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:SubjectLocality IPAddress="10.208.155.122"/></saml:AuthenticationStatement></saml:Assertion></samlp:Response>
libSAML:03/27/2012 11:21:37:067 AM PDT: Thread[service-j2ee-103,5,main]
getWSSTTokenProfilePublicKey: entering
libSAML:03/27/2012 11:21:37:067 AM PDT: Thread[service-j2ee-103,5,main]
Could not find a KeyInfo, try to use certAlias
libSAML:03/27/2012 11:21:37:068 AM PDT: Thread[service-j2ee-103,5,main]
SAMLUtils.checkSignatureValid: Couldn't verify signature.
libSAML:03/27/2012 11:21:37:068 AM PDT: Thread[service-j2ee-103,5,main]
verifyResponse: Response's signature is invalid.
libSAML:03/27/2012 11:21:37:069 AM PDT: Thread[service-j2ee-103,5,main]
SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
libSAML2:03/27/2012 11:21:41:021 AM PDT: Thread[SystemTimerPool,5,main]
CacheCleanUpRunnable.run:

This is a SAML 1 post and I have the client certificate imported in my SAML keystore also. Appreciate your help.
libSAML:03/27/2012 11:22:34:002 AM PDT: Thread[SystemTimerPool,5,main]
Clean up runnable wakes up..
libSAML:03/27/2012 11:22:34:002 AM PDT: Thread[SystemTimerPool,5,main]
AssertionManager::CleanUpThread::number of assertions in IdEntryMap:0
[root@dca-ldap-stg1 debug]# pwd
  • 1. Re: SAMLUtils.checkSignatureValid: Couldn't verify signature.
    802607 Explorer
    You've cut off the digital signature from the SAML response in your posting, and haven't provided any information about the digital certificate in your keystore. How can one respond to your problem?

    Is the client certificate in your keystore responsible for signing the SAML assertion? If not, do you have the SAML service's digital certificate accessible to your verifier program in your keystore? If not, you need to import the signer's digital certificate into your keystore, verify that it is there, and then run your program again.

    Arshad Noor
    StrongAuth, Inc.
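
Added example, not part of the original thread and not the product's own code: the debug log in the question reports "Could not find a KeyInfo, try to use certAlias", so this sketch inspects a captured SAML 1.x response to show whether its Signature carries a KeyInfo and which Issuer's certificate the keystore has to hold. The function names and the sample message (issuer `idp.example.test:443`, placeholder signature value) are constructed for illustration; the code inspects the message and does not verify the signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"ds": DS}

# Constructed sample: a signed SAML 1.1 response whose Signature has no KeyInfo.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ResponseID="_constructed1">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
      AssertionID="_constructed2" Issuer="idp.example.test:443"/>
</samlp:Response>"""


def signature_key_hints(response_xml):
    """Inspect (not verify) the key material a SAML 1.x response carries."""
    root = ET.fromstring(response_xml)
    assertion = next(root.iter("{%s}Assertion" % SAML), None)
    signatures = []
    for sig in root.iter("{%s}Signature" % DS):
        prints = []
        for cert in sig.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            # Same colon-separated form that `keytool -list -v` prints.
            prints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
        signatures.append({"has_keyinfo": sig.find("ds:KeyInfo", NS) is not None,
                           "cert_sha256": prints})
    issuer = assertion.get("Issuer") if assertion is not None else None
    return {"issuer": issuer, "signatures": signatures}


def next_step(hints):
    """Turn the inspection result into the keystore check the reply asks for."""
    if not hints["signatures"]:
        return "response is unsigned"
    if not any(s["has_keyinfo"] for s in hints["signatures"]):
        return ("no KeyInfo: import the signing certificate of %s into the "
                "verifier keystore under the configured alias" % hints["issuer"])
    return "KeyInfo present: compare cert_sha256 with the keystore entry"


if __name__ == "__main__":
    print(next_step(signature_key_hints(SAMPLE)))
```

A certificate embedded in KeyInfo is only a hint about which key signed the message; trust still comes from the matching entry already in the verifier's keystore.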
