Hi,

Thanks Malithi for the response.
I tried un-checking Enable Response Signing, but even when I log in as
admin I got the following exception:
java.lang.NullPointerException
at org.opensaml.xml.signature.SignatureValidator.buildSignature(SignatureValidator.java:91)
at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:55)
at org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        .....
What am I missing here?


@ES Team, could you please help me with how to import the public certificate
of a tenant into the publisher's keystore? Where can I find the tenant's
public certificate?

Thank you
Senduran



On Mon, Jan 19, 2015 at 8:10 PM, Malithi Edirisinghe <malit...@wso2.com>
wrote:

> Hi Senduran,
>
> There's a separate primary keystore generated for the tenant. Since you
> have enabled response signing also, the service provider that you have
> registered should know the public key of the IdP in order to validate.
> Hence, the service provider should have the public key of the IdP in its
> keystore and validate the signature by acquiring the respective alias. So in
> this case I think that you should import the public cert of the respective
> tenant to your publisher's keystore.
>
> Thanks,
> Malithi.
>
> On Mon, Jan 19, 2015 at 12:35 PM, Senduran Balasubramaniyam <
> sendu...@wso2.com> wrote:
>
>> Hi,
>>
>> I am experiencing $subject with ES 2.0.0 M5. Following are the changes I
>> made to configure SSO.
>>
>>    - Shared registry and user database between ES and IS
>>    - In ES's user-mgt.xml, pointed the "UserStoreManager" to IS's
>>    embedded LDAP
>>    - Modified the following in the publisher and store JSON
>>
>> "identityProviderURL": "https://localhost:<IS-Port>/samlsso"
>>
>>
>>    - Created a Service provider for publisher and store in IS as follows
>>
>>  SP for publisher
>>
>> Issuer: publisher
>>
>> Assertion Consumer URL: https://localhost:<ES-Port>/publisher/acs
>>
>> Use fully qualified username in the NameID
>>
>> Enable Response Signing
>>
>> Enable Assertion Signing
>>
>> Enable Single Logout
>>
>>
>> SP for store
>>
>> Issuer: store
>>
>> Assertion Consumer URL: https://localhost:<ES-Port>/store/acs
>>
>> Use fully qualified username in the NameID
>>
>> Enable Response Signing
>>
>> Enable Assertion Signing
>>
>> Enable Single Logout
>>
>>
>> When admin logs in, the publisher behaves as expected (i.e. the page is
>> redirected to the IS login and then redirected to the publisher; if an SSO
>> session is already available it goes directly to the publisher).
>> But when I log in as a tenant, the browser is redirected to
>> https://localhost:9443/publisher/acs and the following exception is shown in
>> the console:
>>
>> INFO {JAGGERY.controllers.login:jag} -  Login URL: https://localhost:9447/samlsso
>> org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
>> at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
>> at org.wso2.store.sso.common.util.Util.validateSignature(Util.java:290)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>> at org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:50)
>> at org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>> at org.jaggeryjs.rhino.publisher.controllers.c1._c_anonymous_1(/publisher/controllers/acs.jag:48)
>> at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>> at org.jaggeryjs.rhino.publisher.controllers.c1._c_script_0(/publisher/controllers/acs.jag:20)
>> at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>> at org.jaggeryjs.rhino.publisher.controllers.c1.call(/publisher/controllers/acs.jag)
>> at org.jaggeryjs.rhino.publisher.controllers.c1.exec(/publisher/controllers/acs.jag)
>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>> at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:559)
>> at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
>> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
>> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
>> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
>> at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:183)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:146)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> (My ES runs on default port and IS runs on port offset 4)
>>
>> Could you please help me to resolve this issue?
>>
>> Thank you
>> Senduran
>>
>> --
>> *Senduran *
>> Software Engineer,
>> WSO2, Inc.;  http://wso2.com/
>> Mobile: +94 77 952 6548
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Malithi Edirisinghe*
> Senior Software Engineer
> WSO2 Inc.
>
> Mobile : +94 (0) 718176807
> malit...@wso2.com
>



-- 
*Senduran *
Software Engineer,
WSO2, Inc.;  http://wso2.com/
Mobile: +94 77 952 6548
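The keystore round-trip Malithi describes (get the tenant IdP's public certificate into the publisher's keystore under an alias the SP can look up), as an added shell example that is not from this thread. The keystores, aliases and passwords are local placeholders generated in a temp dir, not real IS or ES paths; on a real install you would export from the keystore IS generated for the tenant and import into the publisher's own keystore instead.

```shell
#!/bin/sh
# Added example, not from the thread. Moves the tenant IdP's public cert into the
# SP (publisher) keystore with keytool and checks the alias is really present,
# which is what the SP-side signature validation needs before it can succeed.
# All keystores, aliases and passwords here are local placeholders (assumption).
set -eu

# Stand-in for a generated primary keystore (tenant IdP or SP); demo only.
make_demo_keystore() {
  ks="$1"; alias="$2"; pass="$3"
  keytool -genkeypair -keystore "$ks" -storepass "$pass" -keypass "$pass" \
    -alias "$alias" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$alias,O=demo" >/dev/null 2>&1
}

# Export only the public certificate (PEM) from the tenant keystore; the private key stays put.
export_tenant_cert() {
  ks="$1"; alias="$2"; pass="$3"; out="$4"
  keytool -exportcert -rfc -keystore "$ks" -storepass "$pass" \
    -alias "$alias" -file "$out" >/dev/null 2>&1
}

# Import the cert into the SP keystore as a trusted entry under the alias the SP will look up.
import_into_sp_keystore() {
  ks="$1"; alias="$2"; pass="$3"; cert="$4"
  keytool -importcert -noprompt -keystore "$ks" -storepass "$pass" \
    -alias "$alias" -file "$cert" >/dev/null 2>&1
}

# Check: the SP keystore must list a trustedCertEntry under that alias (non-zero status otherwise).
sp_keystore_has_alias() {
  ks="$1"; alias="$2"; pass="$3"
  keytool -list -keystore "$ks" -storepass "$pass" -alias "$alias" 2>/dev/null \
    | grep -q trustedCertEntry
}

# Full round-trip in a temp dir; returns 0 only if the SP keystore ends up holding the tenant cert.
run_demo() {
  dir=$(mktemp -d)
  make_demo_keystore "$dir/tenant.jks" "example-com" "tenantpass"     # tenant IdP keystore
  make_demo_keystore "$dir/wso2carbon.jks" "wso2carbon" "wso2carbon"  # SP keystore stand-in
  export_tenant_cert "$dir/tenant.jks" "example-com" "tenantpass" "$dir/example-com.pem"
  import_into_sp_keystore "$dir/wso2carbon.jks" "example-com" "wso2carbon" "$dir/example-com.pem"
  if sp_keystore_has_alias "$dir/wso2carbon.jks" "example-com" "wso2carbon"; then rc=0; else rc=1; fi
  rm -rf "$dir"; return $rc
}

command -v keytool >/dev/null 2>&1 && run_demo && echo "tenant cert present in SP keystore"
```

The final `keytool -list` check is the one worth keeping around: if the alias the SSO code asks for is not a trustedCertEntry in the SP keystore, validation has no credential to verify against.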
