Hi IsharaC,

Were you able to resolve the issue?

Seems like the SAML request is using the Redirect binding and setting the signature
included in the request itself. If you still have the problem, please
share the SSO trace from the Firefox SAML tracer plugin so we can have a look.

Thanks,

On Tue, May 17, 2016 at 2:51 PM, Ishara Cooray <isha...@wso2.com> wrote:

> Hi IS Team,
>
> I am working on a scenario where I need signature validation for
> authentication requests coming from a jaggery app deployed in an AS. I have
> configured SSO with SAML 2.0 with IS as the identity provider (IS 5.0.0).
>
> For that, I have the 'Enable Signature Validation in Authentication
> Requests and Logout Requests' enabled in my Service provider.
>
> I have set signRequests to 'true' in SSORelyingParty as below.
>
>     ssoRelyingParty.setProperty("signRequests", SSO_SIGN_REQUESTS);
>
> and I use Assertion Consumer URL as <host>/publisher/jagg/jaggery_acs.jag
> or <host>store/jagg/jaggery_acs.jag
>
>
> But from the IS I get the below error and authentication fails.
> Any help to figure out the issue would be appreciated.
> SAML 2.0 based Single Sign-On
> Error when processing the authentication request!
> Please try login again.
>
> *Error log in IS console :*
>
> TID: [0] [IS] [2016-05-17 01:42:41,874] ERROR
> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} -  Error validating
> deflate signature {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil}
> org.opensaml.ws.security.SecurityPolicyException: *Could not extract the
> Signature from query string*
>     at
> org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator.getSignature(SAML2HTTPRedirectDeflateSignatureValidator.java:144)
>     at
> org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator.validateSignature(SAML2HTTPRedirectDeflateSignatureValidator.java:68)
>     at
> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.validateDeflateSignature(SAMLSSOUtil.java:859)
>     at
> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.validateAuthnRequestSignature(SAMLSSOUtil.java:795)
>     at
> org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:91)
>     at
> org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:140)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:670)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:177)
>     at
> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:93)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at
> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>     at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at
> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>     at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>     at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>     at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>     at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>     at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at
> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>     at
> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>     at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>     at
> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>     at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>     at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>     at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>     at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>     at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:744)
>
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>



-- 
Regards,


*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com

*E-mail: darsh...@wso2.com*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
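
Added example, not part of the original thread and not WSO2 code: a small Python check for a captured HTTP-Redirect SSO URL (for instance one copied from a SAML tracer) that reports whether the signature travels in the `SigAlg`/`Signature` query parameters, as the Redirect binding requires, or is embedded as `ds:Signature` inside the deflated `SAMLRequest`, the shape the reply suspects. The host `idp.example`, the issuer `publisher` and the signature values are constructed sample data.

```python
import base64, urllib.parse, zlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_XML = 64 * 1024  # cap inflated size; the parameter is client-controlled

def inspect_redirect_request(url):
    """Report where a SAML HTTP-Redirect AuthnRequest carries its signature."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    report = {"query_sigalg": "SigAlg" in params,
              "query_signature": "Signature" in params,
              "embedded_signature": False, "issuer": None}
    if "SAMLRequest" in params:
        raw = base64.b64decode(params["SAMLRequest"][0])
        # Redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
        root = ET.fromstring(xml)  # use only on traces you captured yourself
        report["embedded_signature"] = root.find(DS + "Signature") is not None
        issuer = root.find(SAML + "Issuer")
        report["issuer"] = issuer.text if issuer is not None else None
    if report["query_sigalg"] and report["query_signature"]:
        report["verdict"] = "signature present in query string"
    elif report["embedded_signature"]:
        report["verdict"] = "signature embedded in XML, missing from query string"
    else:
        report["verdict"] = "unsigned request"
    return report

def build_sample_url(embed, sign_query):
    """Constructed sample data: placeholder signature values, not real crypto."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if embed else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">'
           '<saml:Issuer>publisher</saml:Issuer>' + sig + '</samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    q = {"SAMLRequest": base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()}
    if sign_query:
        q["SigAlg"] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
        q["Signature"] = "Q09OU1RSVUNURUQ="  # constructed placeholder
    return "https://idp.example/samlsso?" + urllib.parse.urlencode(q)

if __name__ == "__main__":
    for embed, sign_query in [(True, False), (False, True)]:
        print(inspect_redirect_request(build_sample_url(embed, sign_query)))
```
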