Hi Senduran,

There's a separate primary keystore generated for the tenant. Since you
have enabled response signing also, the service provider that you have
registered should know the public key of the IdP in order to validate.
Hence, the service provider should have the public key of the IdP in its
keystore and validate the signature acquiring the respective alias. So in
this case I think that you should import the public cert of the respective
tenant to your publisher's keystore.

Thanks,
Malithi.

On Mon, Jan 19, 2015 at 12:35 PM, Senduran Balasubramaniyam <
sendu...@wso2.com> wrote:

> Hi,
>
> I am experiencing $subject, with ES 2.0.0 M5. Following are the changes I
> made to configure SSO.
>
>    - Shared registry and user database between ES and IS
>    - In ES's user-mgt.xml, pointed the "UserStoreManager" to IS's
>    embedded LDAP
>    - Modified the following in the publisher and store json
>
> "identityProviderURL": "https://localhost:<IS-Port>/samlsso"
>
>
>    - Created a Service provider for publisher and store in IS as follows
>
>  SP for publisher
>
> Issuer: publisher
>
> Assertion Consumer URL: https://localhost:<ES-Port>/publisher/acs
>
> Use fully qualified username in the NameID
>
> Enable Response Signing
>
> Enable Assertion Signing
>
> Enable Single Logout
>
>
> SP for store
>
> Issuer: store
>
> Assertion Consumer URL: https://localhost:<ES-Port>/store/acs
>
> Use fully qualified username in the NameID
>
> Enable Response Signing
>
> Enable Assertion Signing
>
> Enable Single Logout
>
>
> When admin logs in, the publisher behaves as expected (i.e. the page is
> redirected to the IS login and back to the publisher; if an SSO session is
> already available it goes directly to the publisher).
> But when I log in as a tenant, the browser is redirected to
> https://localhost:9443/publisher/acs and the following exception is shown in
> the console
>
>  INFO {JAGGERY.controllers.login:jag} -  Login URL:
> https://localhost:9447/samlsso
> org.opensaml.xml.validation.ValidationException: Signature did not
> validate against the credential's key
> at
> org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
> at org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
> at
> org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:50)
> at org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1._c_anonymous_1(/publisher/controllers/acs.jag:48)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1._c_script_0(/publisher/controllers/acs.jag:20)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
> at
> org.jaggeryjs.rhino.publisher.controllers.c1.exec(/publisher/controllers/acs.jag)
> at
> org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
> at
> org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:559)
> at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
> at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:183)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
> at
> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
> at
> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
> at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:146)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721)
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
>
> (My ES runs on the default port and IS runs with port offset 4)
>
> Could you please help me to resolve this issue?
>
> Thank you
> Senduran
>
> --
> *Senduran *
> Software Engineer,
> WSO2, Inc.;  http://wso2.com/
> Mobile: +94 77 952 6548
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com