Hi Thusitha, Check if you have selected 'wso2carbon' as the certificate alias for signature validation.
[image: Inline image 1] On Wed, Feb 11, 2015 at 5:13 PM, Thusitha Thilina Dayaratne < [email protected]> wrote: > Hi All, > > I have gone through the steps in [1], to run the *Configuring Single > Sign-On with SAML 2.0 sample *in the IS 5.0.0. > When I try to login using admin/admin I'm getting following error > > [image: Inline image 1] > > In the IS console > > [2015-02-11 17:10:56,627] WARN > {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} > - *Signature validation for Authentication Request failed*. > > Using log4j.logger.org.wso2.carbon.identity=DEBUG > > [2015-02-11 17:04:10,856] DEBUG > {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query > string : > SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F% > 2Fwww.w3.org > %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D > [2015-02-11 17:04:10,857] DEBUG > {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Request message > <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > AssertionConsumerServiceURL=" > http://localhost:8080/travelocity.com/home.jsp"; Destination=" > https://localhost:9443/samlsso"; ForceAuthn="false" ID="0" > IsPassive="false" IssueInstant="2015-02-11T11:34:10.852Z" > ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > Version="2.0"><samlp:Issuer > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer><saml2p:NameIDPolicy > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AllowCreate="true" > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" > SPNameQualifier="Issuer"/><saml2p:RequestedAuthnContext > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > Comparison="exact"><saml:AuthnContextClassRef > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest> > [2015-02-11 17:04:10,858] DEBUG > {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator} > - Authentication Request Validation is successful.. > [2015-02-11 17:04:10,861] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} > - Initializing the flow > [2015-02-11 17:04:10,861] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} > - The query-string sent by the calling servlet is: > SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F% > 2Fwww.w3.org > %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D&relyingParty= > travelocity.com > &sessionDataKey=166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d&type=samlsso&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false > [2015-02-11 17:04:10,861] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} > - Framework contextId: b55b5935-c834-43c9-8c0f-25548ea57da1 > [2015-02-11 17:04:10,861] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} > - Starting an authentication flow > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - In authentication flow > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Starting the sequence > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Force Authenticate: false > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Re-Authenticate: false > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Passive Authenticate: false > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Executing the Step Based Authentication... > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Starting Step: 1 > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} > - Finding already authenticated IdPs of the Step > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - Step contains only a single IdP. Going to call it directly > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade} > - Trying to find the IdP for name: LOCAL > [2015-02-11 17:04:10,863] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade} > - A registered IdP was found > [2015-02-11 17:04:10,864] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - BasicAuthenticator returned: INCOMPLETE > [2015-02-11 17:04:10,864] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - BasicAuthenticator is redirecting > [2015-02-11 17:04:10,864] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Step is not complete yet. Redirecting to outside. > [2015-02-11 17:04:38,821] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - In authentication flow > [2015-02-11 17:04:38,822] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Executing the Step Based Authentication... > [2015-02-11 17:04:38,822] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Starting Step: 1 > [2015-02-11 17:04:38,822] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils} > - Finding already authenticated IdPs of the Step > [2015-02-11 17:04:38,823] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - Receive a response from the external party > [2015-02-11 17:04:38,823] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - BasicAuthenticator can handle the request. > [2015-02-11 17:04:38,854] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} > - BasicAuthenticator returned: SUCCESS_COMPLETED > [2015-02-11 17:04:38,854] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Step 1 is completed. Going to get the next one. > [2015-02-11 17:04:38,854] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - There are no more steps to execute > [2015-02-11 17:04:38,854] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Request is successfully authenticated > [2015-02-11 17:04:38,854] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Handling Post Authentication tasks > [2015-02-11 17:04:38,855] DEBUG > {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil} > - JWT Header :{"typ":"JWT", "alg":"none"} > [2015-02-11 17:04:38,855] DEBUG > {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil} > - JWT Body > :{"iss":"wso2","exp":14236544788553000,"iat":1423654478855,"idps":[{"idp":"LOCAL","authenticator":"BasicAuthenticator"}]} > [2015-02-11 17:04:38,857] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} > - Step processing is completed > [2015-02-11 17:04:38,858] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Concluding the Authentication Flow > [2015-02-11 17:04:38,858] DEBUG > {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler} > - Sending response back to: /samlsso... > commonAuthAuthenticated: true > authenticatedUser: admin > authenticatedIdPs: > eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDIzNjU0NDc4ODU1MzAwMCwiaWF0IjoxNDIzNjU0NDc4ODU1LCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19. > sessionDataKey: 166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d > [2015-02-11 17:04:38,862] DEBUG > {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Query > string : sessionDataKey=166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d > [2015-02-11 17:04:38,863] DEBUG > {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Validating SAML > Request signature > [2015-02-11 17:04:38,864] DEBUG > {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Request message > <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > AssertionConsumerServiceURL=" > http://localhost:8080/travelocity.com/home.jsp"; Destination=" > https://localhost:9443/samlsso"; ForceAuthn="false" ID="0" > IsPassive="false" IssueInstant="2015-02-11T11:34:10.852Z" > ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" > Version="2.0"><samlp:Issuer > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer><saml2p:NameIDPolicy > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AllowCreate="true" > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" > SPNameQualifier="Issuer"/><saml2p:RequestedAuthnContext > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > Comparison="exact"><saml:AuthnContextClassRef > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest> > [2015-02-11 17:04:38,865] DEBUG > {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator} > - Constructing signed content string from URL query string > SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F% > 2Fwww.w3.org > %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D > [2015-02-11 17:04:38,866] DEBUG > {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator} > - Constructed signed content string for HTTP-Redirect DEFLATE > SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F% > 2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1 > [2015-02-11 17:04:38,866] WARN > {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} > - Signature validation for Authentication Request failed. > > > Any help to get around this would be really nice. > > [1] - > https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0 > > > Thanks > -- > Thusitha Dayaratne > Software Engineer | WSO2 Inc > > Email [email protected] > Mobile +94712756809 > Blog alokayasoya.blogspot.com > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Tharindu Edirisinghe Software Engineer | WSO2 Inc Identity Server Team mobile : +94 775 181586
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
