Hi,

In WSO2 IoT, we have created a service provider for our webapp and we use SAML grant type to create OAUTH Token. This works fine for the super tenant mode, but it fails for the tenant flow with the following error:

ERROR - SAML2BearerGrantHandler Error while validating the signature.
org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
	at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79)
	at org.wso2.carbon.identity.oauth2.token.handlers.grant.saml.SAML2BearerGrantHandler.validateGrant(SAML2BearerGrantHandler.java:511)
	at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:212)
	at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:223)
	at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:287)
	at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:151)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)

When debugging we identified that the SSO signature is signed with super tenant key-store but it gets verified in the grant type with tenant's key-store.

Have you all encountered this issue before? How can this be achieved?

Regards,
Vishanth

--
*Vishanth Balasubramaniam*
Committer & PMC Member, Apache Stratos,
Software Engineer, WSO2 Inc.; http://wso2.com
mobile: *+94 77 17 377 18*
about me: http://about.me/vishanth
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev