Hi Farasath, I have used only response signing on. But still I have the same issue.
Thanks.

On Wed, Jun 1, 2016 at 12:46 PM, Farasath Ahamed <[email protected]> wrote:
> Hi Megala,
>
> Have you enabled Signature validation for Authentication requests? If so, can you try the scenario with only Response signing on and see if it works for tenants as well.
>
> Thanks,
>
> Farasath Ahamed
> Software Engineer,
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> Email: [email protected]
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
>
> On Wed, Jun 1, 2016 at 12:04 PM, Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi All,
>> We embedded the dashboard not using SSO, but with a custom Jaggery page inside the "admin-dashboard" app. So the authentication session with "admin-dashboard" is sufficient for all auth/authz purposes. Hence the above problem does not arise.
>>
>> Therefore that work is not technically related to this thread.
>>
>> Cheers,
>> Ruwan
>>
>> On Wed, Jun 1, 2016 at 11:55 AM, Megala Uthayakumar <[email protected]> wrote:
>>
>>> OK. I will check with him. Thanks.
>>>
>>> On Wed, Jun 1, 2016 at 11:46 AM, Nuwan Dias <[email protected]> wrote:
>>>
>>>> Ruwan worked on embedding the portal within the admin-dashboard. Can you please talk to him and see what this means in that context?
>>>>
>>>> On Wed, Jun 1, 2016 at 11:43 AM, Megala Uthayakumar <[email protected]> wrote:
>>>>
>>>>> No. This is the portal coming from the carbon-dashboard feature. It is different from admin-dashboard. Please see the screenshot, thanks.
>>>>>
>>>>> On Wed, Jun 1, 2016 at 11:36 AM, Nuwan Dias <[email protected]> wrote:
>>>>>
>>>>>> Portal in the sense admin-dashboard, right?
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 11:33 AM, Megala Uthayakumar <[email protected]> wrote:
>>>>>>
>>>>>>> I have already mounted the registry and the publisher app is working fine in tenant mode as well. This issue only exists in the portal app.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Megala
>>>>>>>
>>>>>>> On Wed, Jun 1, 2016 at 11:26 AM, Nuwan Dias <[email protected]> wrote:
>>>>>>>
>>>>>>>> You need to share the same registry (mount registries) between IS and APIM to make this work for tenants.
>>>>>>>>
>>>>>>>> It's because tenants have their key stores in the registry and the SAML response is signed using the key in this key store. If they don't share the registry, signing will be done by one key and verification will be done by a non-matching public key. Hence, signature validation will fail.
>>>>>>>>
>>>>>>>> Disabling signature validation poses a security threat. Therefore it's not recommended to do that.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> NuwanD.
>>>>>>>>
>>>>>>>> On Wed, Jun 1, 2016 at 11:16 AM, Megala Uthayakumar <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> It is working when I remove that signature validation part from acs.jag.
>>>>>>>>>
>>>>>>>>> On Wed, Jun 1, 2016 at 9:35 AM, Udara Rathnayake <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On Wed, Jun 1, 2016 at 8:53 AM, Megala Uthayakumar <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I am trying to configure SSO in APIM 2.0.x by following [1]. The Publisher and Store Jaggery apps work as expected, but when I try to log in to the portal app (Portal of Dashboard Server) using SSO, it works fine when I am logging in as a super-tenant user, but whenever I try to log in as a user from another tenant, it throws the following error:
>>>>>>>>>>>
>>>>>>>>>>> org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
>>>>>>>>>>>
>>>>>>>>>> For the moment, shall we disable the signature validation and try?
>>>>>>>>>>
>>>>>>>>>>> at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
>>>>>>>>>>> at org.jaggeryjs.modules.sso.common.util.Util.validateSignature(Util.java:290)
>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>>>>>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>>>>>>> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
>>>>>>>>>>> at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
>>>>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
>>>>>>>>>>> at org.jaggeryjs.rhino.<sso>.scripts.c0._c_anonymous_3(<sso>/scripts/sso.client.js:57)
>>>>>>>>>>> at org.jaggeryjs.rhino.<sso>.scripts.c0.call(<sso>/scripts/sso.client.js)
>>>>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3._c_anonymous_1(/portal/controllers/acs.jag:77)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>>>>> at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3._c_script_0(/portal/controllers/acs.jag:20)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>>>>> at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
>>>>>>>>>>> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.call(/portal/controllers/acs.jag)
>>>>>>>>>>> at org.jaggeryjs.rhino.portal.controllers.c3.exec(/portal/controllers/acs.jag)
>>>>>>>>>>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
>>>>>>>>>>> at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
>>>>>>>>>>> at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
>>>>>>>>>>> at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
>>>>>>>>>>> at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
>>>>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>>>>>>>>> at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>>>>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>>>>>>> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>>>>>>> at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>>>>>>>>>> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
>>>>>>>>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
>>>>>>>>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>>>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
>>>>>>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>>>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>>>>>>
>>>>>>>>>>> When I tried the same setup in product-ds using the internal identity server, it works fine for both super-tenant and other tenants.
>>>>>>>>>>>
>>>>>>>>>>> What could be the possible reason for this? Any help on this is highly appreciated.
>>>>>>>>>>>
>>>>>>>>>>> [1] https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2#ConfiguringSingleSign-onwithSAML2-ConfiguringWSO2APIManagerappsasSAML2.0SSOserviceproviders
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Megala
>>>>>>>>>>> --
>>>>>>>>>>> Megala Uthayakumar
>>>>>>>>>>>
>>>>>>>>>>> Software Engineer
>>>>>>>>>>> Mobile : 0779967122
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards,
>>>>>>>>>> UdaraR
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Megala Uthayakumar
>>>>>>>>>
>>>>>>>>> Software Engineer
>>>>>>>>> Mobile : 0779967122
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Dev mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nuwan Dias
>>>>>>>>
>>>>>>>> Technical Lead - WSO2, Inc. http://wso2.com
>>>>>>>> email : [email protected]
>>>>>>>> Phone : +94 777 775 729
>>>>>>>
>>>>>>> --
>>>>>>> Megala Uthayakumar
>>>>>>>
>>>>>>> Software Engineer
>>>>>>> Mobile : 0779967122
>>>>>>
>>>>>> --
>>>>>> Nuwan Dias
>>>>>>
>>>>>> Technical Lead - WSO2, Inc. http://wso2.com
>>>>>> email : [email protected]
>>>>>> Phone : +94 777 775 729
>>>>>
>>>>> --
>>>>> Megala Uthayakumar
>>>>>
>>>>> Software Engineer
>>>>> Mobile : 0779967122
>>>>
>>>> --
>>>> Nuwan Dias
>>>>
>>>> Technical Lead - WSO2, Inc. http://wso2.com
>>>> email : [email protected]
>>>> Phone : +94 777 775 729
>>>
>>> --
>>> Megala Uthayakumar
>>>
>>> Software Engineer
>>> Mobile : 0779967122
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Architect,*
>> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
>> *lean.enterprise.middleware.*
>>
>> email: [email protected]
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Megala Uthayakumar
Software Engineer
Mobile : 0779967122

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
