Hi Nadeesha,

On Fri, Oct 2, 2015 at 3:04 PM, Darshana Gunawardana <darsh...@wso2.com>
wrote:

> Hi Nadeesha,
>
> Have you checked whether the assertion is encrypted in the response IS
> sends back to the travelocity app?
>
> And please provide the SSO Trace (save it as a text file and attach it to
> the mail) for the whole flow.
>
> Thanks,
> Darshana
>
> On Fri, Oct 2, 2015 at 2:53 PM, Nadeesha Meegoda <nadees...@wso2.com>
> wrote:
>
>> Hi.
>>
>> I have configured the setup to Login to the Identity Server Using Another
>> Identity Server as per the details in [1] in Super tenant mode. With the
>> happy scenario according to the documentation this works fine. But I have
>> enabled some additional properties in IDP and SP used for IDP as follows:
>>
>> *Properties enabled for Federated Authenticators* - SAML2 Web SSO
>> Configuration
>>
>> 1. Enabled Assertion Encryption
>> 2. Enable Assertion Signing
>> 3. Enable Authentication Response Signing
>>
>> *Properties enabled for SP used for IDP*
>>
>> 1. Enabled Assertion Encryption
>> 2. Enabled Response Signing
>>
>> *Properties enabled for SP used for travelocity app*
>>
>> 1. Enabled Assertion Encryption
>>

What is the Certificate Alias you used here?
Is that the public key in the travelocity app?

>> 2. Enabled Response Signing
>>
>> In the travelocity.properties file also I have enabled Assertion
>> Encryption, Response signing and Assertion signing. I have already imported
>> the Identity Provider Public Certificate to IDP.
>>
>> When I'm signing in to travelocity.com I get an "Unable to decrypt the SAML
>> Assertion" error and the error in [2] in tomcat.
>>
>> Note that with only "assertion signing" enabled in IDP I was successfully
>> able to login and no error was displayed. When I enabled the Assertion
>> Encryption this error occurred. Why does this error occur when I enable
>> this property as mentioned above?
>>
>> Any help regarding this is highly appreciated!
>>
>>
>>
>> [1] -
>> https://docs.wso2.com/pages/viewpage.action?title=Login%2Bto%2Bthe%2BIdentity%2BServer%2BUsing%2BAnother%2BIdentity%2BServer&spaceKey=IS510
>>
>> [2] - Oct 02, 2015 2:10:47 PM org.wso2.carbon.identity.sso.agent.SSOAgentFilter doFilter
>> SEVERE: An error has occurred
>> org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Unable to decrypt the SAML Assertion
>>         at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:254)
>>         at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:198)
>>         at org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
>>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
>>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
>>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>         at java.lang.Thread.run(Thread.java:745)
>>
>>
>>
>>
>> Thanks!
>> --
>> *Nadeesha Meegoda*
>> Software Engineer - QA
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> email : nadees...@wso2.com
>> mobile: +94783639540
>>
>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
>



-- 
Ishara Karunarathna
Senior Software Engineer
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
+94717996791
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
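
Added example, not part of the original thread and not WSO2 code: a triage script for the two questions raised above, namely whether the response IS sends back carries an encrypted assertion, and whether the certificate it was encrypted for is the one the travelocity app holds the private key for. It assumes the base64 `SAMLResponse` value is copied from the SSO trace and that the `EncryptedKey` embeds the recipient certificate (not every IdP does this; the check then reports `None`); all function names and the sample data are constructed.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": XENC, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _alg(parent):
    """Algorithm URI of the parent's own xenc:EncryptionMethod, if any."""
    method = parent.find("xenc:EncryptionMethod", NS) if parent is not None else None
    return method.get("Algorithm") if method is not None else None

def inspect_response(saml_response_b64, sp_cert_der):
    """Describe how the assertion travels in a POST-binding SAMLResponse.
    Diagnostic only: nothing is decrypted and no signature is verified."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    enc = root.find("saml:EncryptedAssertion", NS)
    report = {"encrypted": enc is not None,
              "plaintext": root.find("saml:Assertion", NS) is not None,
              "data_alg": None, "key_alg": None,
              "cert_sha256": None, "cert_matches_sp": None}
    if enc is None:
        return report
    key = enc.find(".//xenc:EncryptedKey", NS)  # nested in KeyInfo or a sibling
    report["data_alg"] = _alg(enc.find("xenc:EncryptedData", NS))
    report["key_alg"] = _alg(key)
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    if cert is not None and cert.text:  # stays None when the IdP omits the cert
        der = base64.b64decode("".join(cert.text.split()))
        report["cert_sha256"] = hashlib.sha256(der).hexdigest()
        report["cert_matches_sp"] = der == sp_cert_der
    return report

def sample_response(recipient_cert_der):
    """Constructed response skeleton: placeholder ciphertext, no real keys."""
    cert = base64.b64encode(recipient_cert_der).decode()
    cipher = "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'xmlns:xenc="{XENC}" xmlns:ds="{NS["ds"]}"><saml:EncryptedAssertion>'
           f'<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>'
           f'<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>'
           f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate>'
           f'</ds:X509Data></ds:KeyInfo>{cipher}</xenc:EncryptedKey></ds:KeyInfo>{cipher}'
           '</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

SP_CERT = b"constructed bytes standing in for the SP certificate (DER)"
OTHER_CERT = b"constructed bytes standing in for a different alias"

if __name__ == "__main__":
    print(inspect_response(sample_response(OTHER_CERT), SP_CERT))
```

A `cert_matches_sp` of `False` means the assertion was encrypted for a certificate other than the one supplied, which is the mismatch the Certificate Alias question is probing for; `cert_sha256` can be compared against the fingerprint the keystore tooling prints for that alias.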
