On Thu, Oct 30, 2014 at 4:27 PM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi,
>
> You have to import the public certificate of IS to the wso2carbon.jks
> keystore inside the travelocity. You can use java keytool to export and
> import certificate. Thanks.
>


And also you have to import the public certificate of the travelocity
application into the Identity Server keystore too.

>
> Regards,
> Isura.
>
>
> On Thu, Oct 30, 2014 at 4:11 PM, Maheeka Jayasuriya <mahe...@wso2.com>
> wrote:
>
>> Hi,
>>
>> I am executing $subject sample [1].
>>
>> When I try to login to travelocity.com with SAML2 using Identity Server
>> as in the sample, I am getting error as "Error when processing the
>> authentication request!" [2]
>>
>> I have attached the debug log also below [3] which says "Signature
>> validation for Authentication Request failed."
>>
>> Any idea if I am doing something wrong here?
>>
>> [1] https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO
>>
>> [2]
>> https://docs.google.com/a/wso2.com/file/d/0B_Ml_gi-3jYrak96XzFNNThFZTQ/edit
>>
>> [3]
>>
>> [2014-10-30 15:59:08,425] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  In authentication flow
>> [2014-10-30 15:59:08,426] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Executing the Step Based Authentication...
>> [2014-10-30 15:59:08,426] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Starting Step: 1
>> [2014-10-30 15:59:08,426] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
>> -  Finding already authenticated IdPs of the Step
>> [2014-10-30 15:59:08,426] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  Receive a response from the external party
>> [2014-10-30 15:59:08,426] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator can handle the request.
>> [2014-10-30 15:59:08,436] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator returned: SUCCESS_COMPLETED
>> [2014-10-30 15:59:08,436] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Step 1 is completed. Going to get the next one.
>> [2014-10-30 15:59:08,437] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  There are no more steps to execute
>> [2014-10-30 15:59:08,437] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Request is successfully authenticated
>> [2014-10-30 15:59:08,437] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Handling Post Authentication tasks
>> [2014-10-30 15:59:08,437] DEBUG
>> {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil}
>> -  JWT Header :{"typ":"JWT", "alg":"none"}
>> [2014-10-30 15:59:08,437] DEBUG
>> {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil}
>> -  JWT Body
>> :{"iss":"wso2","exp":14146649484373000,"iat":1414664948437,"idps":[{"idp":"LOCAL","authenticator":"BasicAuthenticator"}]}
>> [2014-10-30 15:59:08,442] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Step processing is completed
>> [2014-10-30 15:59:08,442] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Concluding the Authentication Flow
>> [2014-10-30 15:59:08,444] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Sending response back to: /samlsso...
>> commonAuthAuthenticated: true
>> authenticatedUser: admin
>> authenticatedIdPs:
>> eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDE0NjY0OTQ4NDM3MzAwMCwiaWF0IjoxNDE0NjY0OTQ4NDM3LCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19.
>> sessionDataKey: 10c24bb5-c8a2-485b-a8c1-714bf1942765
>> [2014-10-30 15:59:08,448] DEBUG
>> {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} -  Query
>> string : sessionDataKey=10c24bb5-c8a2-485b-a8c1-714bf1942765
>> [2014-10-30 15:59:08,454] DEBUG
>> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Validating SAML
>> Request signature
>> [2014-10-30 15:59:08,454] DEBUG
>> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Request message
>> <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>> AssertionConsumerServiceURL="http://localhost:8080/travelocity.com/home.jsp"
>> Destination="https://localhost:9443/samlsso" ForceAuthn="false" ID="0"
>> IsPassive="false" IssueInstant="2014-10-30T10:28:43.580Z"
>> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Version="2.0"><samlp:Issuer
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer><saml2p:NameIDPolicy
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AllowCreate="true"
>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
>> SPNameQualifier="Issuer"/><saml2p:RequestedAuthnContext
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>> Comparison="exact"><saml:AuthnContextClassRef
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest>
>> [2014-10-30 15:59:08,459] DEBUG
>> {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator}
>> -  Constructing signed content string from URL query string
>> SAMLRequest=nZPdjtMwEIVfJfJ9fpoWKVhNVqXVikoLhDbLxd4Zd0qNHDt4Jt3u2%2BMkLQQEVbW3npkzZ74Zz%2B9OtQ6O4FBZk7NJlLAAjLQ7Zb7l7LG6DzN2V8xR1Lrhi5YOZgM%2FWkAKfJ1B3gdy1jrDrUCF3IgakJPk28WHB55GCW%2BcJSutZsECERz5RktrsK3BbcEdlYTHzUPODkQNj2NtpdAHi8SzJEticuII%2Fk3RSyRtHR9sDdF3bFiw8iaUEdT77orxj%2Bq3s9k07twhWhbcWyeht5%2BzvdAILFivcuaHXWMpENURfgcQW1gbJGEoZ2kymYWTJJwm1SThacZn0%2BhNljyxoDzP9U6ZgdY1CF%2BHJOTvq6oMy0%2FbigVfLtR9Arsw7ru72%2BmKC1NW%2FMVqHo8VB%2F204R%2B9xHpVWq3ky6hNevsWtbbPSweCPDNyLfR4a0HXBboXtQv3fSpvutmRwBALtmXn6XMrtNorcDkbHLP4l%2BfzzcGuX6G%2FHoITvcr80taNcAo77HASks7g%2BVh5qT3VDexHHW5ewtU0yWUn7Z%2B7o3u2btcdEUg%2FWeWEwcY6Gtb2Tz%2FFEPsfkOKy8fE%2FLX4C&SigAlg=http%3A%2F%
>> 2Fwww.w3.org
>> %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TTSDF7uYaFw%2FEu%2B0oUOm71%2B4ZMn4nYl3NQV5TyNv45vJWZW%2BT%2BSNwwJbc6rt7A5kgN8L88mY8H%2BMOyKM%2FGW7CS%2FXn4ZIwM9rpPjBrZCHsXWRdnfXr5WK0qH5Hiqj2448GsLlTYVtwU%2FOPHBufe2eES4w8quMFhXlJC4jBsdOmX0%3D
>> [2014-10-30 15:59:08,459] DEBUG
>> {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator}
>> -  Constructed signed content string for HTTP-Redirect DEFLATE
>> SAMLRequest=nZPdjtMwEIVfJfJ9fpoWKVhNVqXVikoLhDbLxd4Zd0qNHDt4Jt3u2%2BMkLQQEVbW3npkzZ74Zz%2B9OtQ6O4FBZk7NJlLAAjLQ7Zb7l7LG6DzN2V8xR1Lrhi5YOZgM%2FWkAKfJ1B3gdy1jrDrUCF3IgakJPk28WHB55GCW%2BcJSutZsECERz5RktrsK3BbcEdlYTHzUPODkQNj2NtpdAHi8SzJEticuII%2Fk3RSyRtHR9sDdF3bFiw8iaUEdT77orxj%2Bq3s9k07twhWhbcWyeht5%2BzvdAILFivcuaHXWMpENURfgcQW1gbJGEoZ2kymYWTJJwm1SThacZn0%2BhNljyxoDzP9U6ZgdY1CF%2BHJOTvq6oMy0%2FbigVfLtR9Arsw7ru72%2BmKC1NW%2FMVqHo8VB%2F204R%2B9xHpVWq3ky6hNevsWtbbPSweCPDNyLfR4a0HXBboXtQv3fSpvutmRwBALtmXn6XMrtNorcDkbHLP4l%2BfzzcGuX6G%2FHoITvcr80taNcAo77HASks7g%2BVh5qT3VDexHHW5ewtU0yWUn7Z%2B7o3u2btcdEUg%2FWeWEwcY6Gtb2Tz%2FFEPsfkOKy8fE%2FLX4C&SigAlg=http%3A%2F%
>> 2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
>> [2014-10-30 15:59:08,471]  WARN
>> {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}
>> -  Signature validation for Authentication Request failed.
>>
>> Thanks,
>>
>> Maheeka Jayasuriya
>> Software Engineer
>> Mobile : +94777750661
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Isura Dilhara Karunaratne
> Software Engineer
>
> Mob +94 772 254 810
>
>


-- 
Isura Dilhara Karunaratne
Software Engineer

Mob +94 772 254 810
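
The debug log quoted above shows the HTTP-Redirect validator rebuilding a "signed content string" from the query string before checking it against the service provider's certificate. The following is an added example, not part of the original thread and not WSO2 code: it rebuilds that string and decodes the request using only the Python standard library. The function names and the sample query are constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import quote, unquote

def _raw_params(query):
    """Split a query string WITHOUT decoding: the signature covers the encoded values."""
    out = {}
    for pair in query.lstrip("?").split("&"):
        name, _, value = pair.partition("=")
        out.setdefault(name, value)  # first occurrence wins
    return out

def signed_content(query):
    """Rebuild the string an HTTP-Redirect signature is computed over."""
    p = _raw_params(query)
    msg = "SAMLRequest" if "SAMLRequest" in p else "SAMLResponse"
    if msg not in p or "SigAlg" not in p:
        raise ValueError("not a signed HTTP-Redirect SAML message")
    # Fixed order regardless of URL order; RelayState only when present.
    return "&".join(f"{k}={p[k]}" for k in (msg, "RelayState", "SigAlg") if k in p)

def decode_request(query):
    """URL-decode, base64-decode and raw-inflate the SAMLRequest into XML."""
    raw = base64.b64decode(unquote(_raw_params(query)["SAMLRequest"]))
    return zlib.decompress(raw, -15).decode("utf-8")  # -15 = raw DEFLATE stream

def issuer(xml):
    """Return the Issuer text, i.e. which service provider claims to have sent this."""
    m = re.search(r"<(?:\w+:)?Issuer[^>]*>([^<]+)<", xml)
    return m.group(1).strip() if m else None

def build_sample_query():
    """Constructed sample; the Signature value is a placeholder, not a real signature."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="0" Version="2.0"><saml:Issuer '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com'
           '</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml.encode()) + c.flush()
    req = quote(base64.b64encode(deflated).decode(), safe="")
    alg = quote("http://www.w3.org/2000/09/xmldsig#rsa-sha1", safe="")
    # Parameters deliberately out of order to show the reordering.
    return f"Signature=PLACEHOLDER&SigAlg={alg}&RelayState=abc&SAMLRequest={req}", req, alg

if __name__ == "__main__":
    q, _, _ = build_sample_query()
    print(signed_content(q))
    print(issuer(decode_request(q)))
```

If the rebuilt string matches what the service provider signed, a validation failure points at the key material used for verification, which is what the reply above addresses.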