Re: [Dev] Error while validating the signature in SAML Grant Type

Wed, 11 Jan 2017 10:46:02 -0800 

Is the service provider created in super tenant and the rest of tenants
access it as a SaaS app?

Also what is oauth component version used in IoT server?

On Jan 11, 2017 9:47 PM, "Vishanth Balasubramaniam" <vishan...@wso2.com>
wrote:

Hi,

In WSO2 IoT, we have created a service provider for our webapp and we use
SAML grant type to create OAUTH Token. This works fine for the super tenant
mode, but it fails for the tenant flow with the following error

ERROR - SAML2BearerGrantHandler Error while validating the signature.

org.opensaml.xml.validation.ValidationException: Signature did not validate
against the credential's key

at org.opensaml.xml.signature.SignatureValidator.validate(
SignatureValidator.java:79)

at org.wso2.carbon.identity.oauth2.token.handlers.grant.
saml.SAML2BearerGrantHandler.validateGrant(SAML2BearerGrantHandler.java:511)

at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(
AccessTokenIssuer.java:212)

at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(
OAuth2Service.java:223)

at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.
getAccessToken(OAuth2TokenEndpoint.java:287)

at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.
issueAccessToken(OAuth2TokenEndpoint.java:151)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

When debugging we identified that the SSO signature is signed with super
tenant key-store but it gets verified in the grant type with tenant's
key-store.

Have you all encountered this issue before? How can this be achieved?

Regards,
Vishanth

-- 
*Vishanth Balasubramaniam*
Committer & PMC Member, Apache Stratos,
Software Engineer, WSO2 Inc.; http://wso2.com

mobile: *+94 77 17 377 18*
about me: *http://about.me/vishanth <http://about.me/vishanth>*

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to