Hi,

Thanks Malithi for the response.

I tried un-checking the Enable Response Signing, but even when I log in as admin I got the following exception:

java.lang.NullPointerException
    at org.opensaml.xml.signature.SignatureValidator.buildSignature(SignatureValidator.java:91)
    at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:55)
    at org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    .....

What am I missing here?

@ES Team, could you please help me with how to import the public certificate of a tenant into the publisher's key store? Where can I find the tenant's public certificate?

Thank you
Senduran

On Mon, Jan 19, 2015 at 8:10 PM, Malithi Edirisinghe <malit...@wso2.com> wrote:

> Hi Senduran,
>
> There's a separate primary keystore generated for the tenant. Since you have enabled response signing also, the service provider that you have registered should know the public key of the IdP in order to validate. Hence, the service provider should have the public key of the IdP in its keystore and validate the signature acquiring the respective alias. So in this case I think that you should import the public cert of the respective tenant to your publisher's keystore.
>
> Thanks,
> Malithi.
>
> On Mon, Jan 19, 2015 at 12:35 PM, Senduran Balasubramaniyam <sendu...@wso2.com> wrote:
>
>> Hi,
>>
>> I am experiencing $subject, with ES 2.0.0 M5. Following are the changes I made to configure SSO.
>>
>> - Shared registry and user database between ES and IS
>> - In ES's user-mgt.xml, pointed the "UserStoreManager" to IS's embedded LDAP
>> - Modified as following in publisher, store json
>>
>>   "identityProviderURL": "https://localhost:<IS-Port>/samlsso"
>>
>> - Created a Service provider for publisher and store in IS as follows
>>
>> SP for publisher
>>
>>   Issuer: publisher
>>   Assertion Consumer URL: https://localhost:<ES-Port>/publisher/acs
>>   Use fully qualified username in the NameID
>>   Enable Response Signing
>>   Enable Assertion Signing
>>   Enable Single Logout
>>
>> SP for store
>>
>>   Issuer: store
>>   Assertion Consumer URL: https://localhost:<ES-Port>/store/acs
>>   Use fully qualified username in the NameID
>>   Enable Response Signing
>>   Enable Assertion Signing
>>   Enable Single Logout
>>
>> When admin logs in, the publisher behaves as expected (i.e. the page is redirected to IS login and redirected to publisher; if an SSO session is already available, it goes directly to publisher).
>> But when I log in as a tenant, the browser is redirected to https://localhost:9443/publisher/acs and the following exception is shown in the console:
>>
>> INFO {JAGGERY.controllers.login:jag} - Login URL: https://localhost:9447/samlsso
>> org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
>>     at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
>>     at org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>     at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>     at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>     at org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:50)
>>     at org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
>>     at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1._c_anonymous_1(/publisher/controllers/acs.jag:48)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>>     at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1._c_script_0(/publisher/controllers/acs.jag:20)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>>     at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>     at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>>     at org.jaggeryjs.rhino.publisher.controllers.c1.exec(/publisher/controllers/acs.jag)
>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>     at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>     at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:559)
>>     at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
>>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
>>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
>>     at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:183)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:146)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>     at java.lang.Thread.run(Thread.java:745)
>>
>> (My ES runs on default port and IS runs on port offset 4)
>>
>> Could you please help me to resolve this issue?
>>
>> Thank you
>> Senduran
>>
>> --
>> *Senduran*
>> Software Engineer,
>> WSO2, Inc.; http://wso2.com/
>> Mobile: +94 77 952 6548
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> *Malithi Edirisinghe*
> Senior Software Engineer
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> malit...@wso2.com

--
*Senduran*
Software Engineer,
WSO2, Inc.; http://wso2.com/
Mobile: +94 77 952 6548