Hi Tharindu

I had wso2carbon.cert as the alias. When I changed it to wso2carbon, it
worked fine.
Thanks a lot for pointing it out.

Best Regards

On Wed, Feb 11, 2015 at 5:25 PM, Tharindu Edirisinghe <[email protected]>
wrote:

> Hi Thusitha,
>
> Check if you have selected 'wso2carbon' as the certificate alias for
> signature validation.
>
> [image: Inline image 1]
>
> On Wed, Feb 11, 2015 at 5:13 PM, Thusitha Thilina Dayaratne <
> [email protected]> wrote:
>
>> Hi All,
>>
>> I have gone through the steps in [1] to run the *Configuring Single
>> Sign-On with SAML 2.0* sample in IS 5.0.0.
>> When I try to log in using admin/admin, I get the following error:
>>
>> [image: Inline image 1]
>>
>> In the IS console
>>
>> [2015-02-11 17:10:56,627]  WARN
>> {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}
>> -  *Signature validation for Authentication Request failed*.
>>
>> Using log4j.logger.org.wso2.carbon.identity=DEBUG
>>
>> [2015-02-11 17:04:10,856] DEBUG
>> {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} -  Query
>> string :
>> SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F%
>> 2Fwww.w3.org
>> %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D
>> [2015-02-11 17:04:10,857] DEBUG
>> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Request message
>> <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>> AssertionConsumerServiceURL="http://localhost:8080/travelocity.com/home.jsp"
>> Destination="https://localhost:9443/samlsso" ForceAuthn="false" ID="0"
>> IsPassive="false" IssueInstant="2015-02-11T11:34:10.852Z"
>> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Version="2.0"><samlp:Issuer
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer><saml2p:NameIDPolicy
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AllowCreate="true"
>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
>> SPNameQualifier="Issuer"/><saml2p:RequestedAuthnContext
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>> Comparison="exact"><saml:AuthnContextClassRef
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest>
>> [2015-02-11 17:04:10,858] DEBUG
>> {org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator}
>> -  Authentication Request Validation is successful..
>> [2015-02-11 17:04:10,861] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>> -  Initializing the flow
>> [2015-02-11 17:04:10,861] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>> -  The query-string sent by the calling servlet is:
>> SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F%
>> 2Fwww.w3.org
>> %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D&relyingParty=
>> travelocity.com
>> &sessionDataKey=166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d&type=samlsso&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false
>> [2015-02-11 17:04:10,861] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>> -  Framework contextId: b55b5935-c834-43c9-8c0f-25548ea57da1
>> [2015-02-11 17:04:10,861] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>> -  Starting an authentication flow
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  In authentication flow
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Starting the sequence
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Force Authenticate: false
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Re-Authenticate: false
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Passive Authenticate: false
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Executing the Step Based Authentication...
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Starting Step: 1
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
>> -  Finding already authenticated IdPs of the Step
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  Step contains only a single IdP. Going to call it directly
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}
>> -  Trying to find the IdP for name: LOCAL
>> [2015-02-11 17:04:10,863] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade}
>> -  A registered IdP was found
>> [2015-02-11 17:04:10,864] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator returned: INCOMPLETE
>> [2015-02-11 17:04:10,864] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator is redirecting
>> [2015-02-11 17:04:10,864] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Step is not complete yet. Redirecting to outside.
>> [2015-02-11 17:04:38,821] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  In authentication flow
>> [2015-02-11 17:04:38,822] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Executing the Step Based Authentication...
>> [2015-02-11 17:04:38,822] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Starting Step: 1
>> [2015-02-11 17:04:38,822] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils}
>> -  Finding already authenticated IdPs of the Step
>> [2015-02-11 17:04:38,823] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  Receive a response from the external party
>> [2015-02-11 17:04:38,823] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator can handle the request.
>> [2015-02-11 17:04:38,854] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler}
>> -  BasicAuthenticator returned: SUCCESS_COMPLETED
>> [2015-02-11 17:04:38,854] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Step 1 is completed. Going to get the next one.
>> [2015-02-11 17:04:38,854] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  There are no more steps to execute
>> [2015-02-11 17:04:38,854] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Request is successfully authenticated
>> [2015-02-11 17:04:38,854] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Handling Post Authentication tasks
>> [2015-02-11 17:04:38,855] DEBUG
>> {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil}
>> -  JWT Header :{"typ":"JWT", "alg":"none"}
>> [2015-02-11 17:04:38,855] DEBUG
>> {org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil}
>> -  JWT Body
>> :{"iss":"wso2","exp":14236544788553000,"iat":1423654478855,"idps":[{"idp":"LOCAL","authenticator":"BasicAuthenticator"}]}
>> [2015-02-11 17:04:38,857] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler}
>> -  Step processing is completed
>> [2015-02-11 17:04:38,858] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Concluding the Authentication Flow
>> [2015-02-11 17:04:38,858] DEBUG
>> {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler}
>> -  Sending response back to: /samlsso...
>> commonAuthAuthenticated: true
>> authenticatedUser: admin
>> authenticatedIdPs:
>> eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDIzNjU0NDc4ODU1MzAwMCwiaWF0IjoxNDIzNjU0NDc4ODU1LCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19.
>> sessionDataKey: 166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d
>> [2015-02-11 17:04:38,862] DEBUG
>> {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} -  Query
>> string : sessionDataKey=166ec0b0-19b9-4531-b4c6-eb9b6ba0b40d
>> [2015-02-11 17:04:38,863] DEBUG
>> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Validating SAML
>> Request signature
>> [2015-02-11 17:04:38,864] DEBUG
>> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Request message
>> <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>> AssertionConsumerServiceURL="http://localhost:8080/travelocity.com/home.jsp"
>> Destination="https://localhost:9443/samlsso" ForceAuthn="false" ID="0"
>> IsPassive="false" IssueInstant="2015-02-11T11:34:10.852Z"
>> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Version="2.0"><samlp:Issuer
>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer><saml2p:NameIDPolicy
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AllowCreate="true"
>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
>> SPNameQualifier="Issuer"/><saml2p:RequestedAuthnContext
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>> Comparison="exact"><saml:AuthnContextClassRef
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml2p:RequestedAuthnContext></samlp:AuthnRequest>
>> [2015-02-11 17:04:38,865] DEBUG
>> {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator}
>> -  Constructing signed content string from URL query string
>> SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F%
>> 2Fwww.w3.org
>> %2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gjnmwL3nruOUgRGotCoAxR1U3x7dKAw36MFQpn%2FBQbIl%2FlsX20cbQ6TkRBHsmVUYPX6DjTSSykEhkjme1mHsPOfNSTamIA29i%2Fsg8eXWJS47OeFrUaYutmFTNMHm%2F1MP3c92AppLoClLGd7Uza8RgywiXi%2FELvLLWL0qzTvb2O4%3D
>> [2015-02-11 17:04:38,866] DEBUG
>> {org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator}
>> -  Constructed signed content string for HTTP-Redirect DEFLATE
>> SAMLRequest=nZPdbtswDIVfxdC9f5sCmRC7yBIUC9BtXuLuoneawiwaZMkT6TR9%2B8l20nnDGgS7FcnDw4%2FU7O5Y6%2BAADpU1OUujhAVgpN0q8z1nj9V9OGV3xQxFrRs%2Bb2lv1vCzBaTA1xnkfSBnrTPcClTIjagBOUm%2BmX984FmU8MZZstJqFswRwZFvtLAG2xrcBtxBSXhcP%2BRsT9TwONZWCr23SHyaTJOYnDiAf1P0Eklbx3tbQ%2FQDGxYsvQllBPW%2Bu2L8o%2FrdZHITd%2B4QLQvurZPQ28%2FZTmgEFqyWOfPDrrAUiOoAvwOILawMkjCUsyxJb8MkC9O0SlN%2BM%2BFpEk1vsycWlKe53isz0LoE4duQhPxDVZVh%2BXlTseDrmbpPYGfGfXd3PV1xZsqKv1jN4rHioJ81%2FJOXWC1Lq5V8GbXJrt%2Bi1vZ54UCQZ0auhR5vLeiyQPeituGuT%2BVNNzsSGGLBpuw8fWmFVjsFLmeDYxa%2Fej7dHGz7FfrrITjSf5lf2LoRTmGHHY5C0gk8HysvtKe6ht2ow9VLuJgmueyk%2FXN3dM%2FWbbsjAuknq5ww2FhHw9r%2B6acYYm8BKc4bH%2F%2FT4hc%3D&SigAlg=http%3A%2F%
>> 2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
>> [2015-02-11 17:04:38,866]  WARN
>> {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor}
>> -  Signature validation for Authentication Request failed.
>>
>>
>> Any help to get around this would be really nice.
>>
>> [1] -
>> https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0
>>
>>
>> Thanks
>> --
>> Thusitha Dayaratne
>> Software Engineer | WSO2 Inc
>>
>> Email    [email protected]
>> Mobile  +94712756809
>> Blog      alokayasoya.blogspot.com
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Software Engineer | WSO2 Inc
> Identity Server Team
> mobile : +94 775 181586
>



-- 
Thusitha Dayaratne
Software Engineer | WSO2 Inc

Email    [email protected]
Mobile  +94712756809
Blog      alokayasoya.blogspot.com
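
An added example, not part of the original thread and not WSO2 code: the quoted debug log shows the validator building a "signed content string" of `SAMLRequest=...&SigAlg=...` from the URL query string, and this Python sketch reproduces that step and decodes the request so the issuer can be matched to the service provider whose certificate alias is configured. The sample query is constructed, its signature bytes are a dummy value, and all function names are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

# SAML 2.0 HTTP-Redirect binding: only these parameters are signed, in this order.
SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")

def raw_params(query):
    """Split a query string WITHOUT decoding; the signature covers the encoded bytes."""
    params = {}
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        params.setdefault(name, value)
    return params

def signed_content(query):
    """Rebuild the string the signature was computed over."""
    p = raw_params(query)
    return "&".join(f"{name}={p[name]}" for name in SIGNED_ORDER if name in p)

def signature_bytes(query):
    """Raw signature to check against the public key of the configured certificate."""
    return base64.b64decode(unquote(raw_params(query)["Signature"]))

def decode_authn_request(query):
    """URL-decode, base64-decode, then raw-inflate (no zlib header) the SAMLRequest."""
    deflated = base64.b64decode(unquote(raw_params(query)["SAMLRequest"]))
    return zlib.decompress(deflated, -15).decode("utf-8")

def issuer(xml_text):
    """Return the Issuer text, matching on local name whatever the prefix binding."""
    for element in ET.fromstring(xml_text).iter():
        if element.tag.rsplit("}", 1)[-1] == "Issuer":
            return element.text
    return None

def build_sample_query():
    """Constructed sample (not the request from the thread); signature bytes are dummy."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="0" Version="2.0">'
           '<saml:Issuer>travelocity.com</saml:Issuer></samlp:AuthnRequest>')
    packer = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = packer.compress(xml.encode("utf-8")) + packer.flush()
    return ("SAMLRequest=" + quote(base64.b64encode(deflated), safe="")
            + "&SigAlg=" + quote("http://www.w3.org/2000/09/xmldsig#rsa-sha1", safe="")
            + "&Signature=" + quote(base64.b64encode(b"constructed-signature"), safe="")
            + "&relyingParty=travelocity.com")
```

The output of `signed_content` and `signature_bytes` is what gets verified with the public key stored under the selected alias, so an alias that points at a different or missing keystore entry fails even when the request itself is well formed.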