Hi Javier, Have you enabled signature verification in both IDP and SP? Also, Are you using the default keystore in both servers?
On Fri, May 26, 2017 at 5:28 AM, Vazquez-Hidalgo, Javier < javier.vazquez-hida...@tdsecurities.com> wrote: > Hello, > > > > I’m trying to configure APIM store/publisher/carbon sites to use SSO by > following the steps provided at > > > > https://docs.wso2.com/display/AM210/Configuring+API+Manager+for+SSO > > https://docs.wso2.com/display/AM210/Configuring+Identity+ > Server+as+IDP+for+SSO > > > > Identity Server is acting as the SSO IDP. > > > > The problem is that I’m getting signature verification failed on all > sites. I see the redirection happening and in the carbon site I get the > login screen but it fails to authenticate the user > > > > Logs when trying to login to “carbon” site: > > [2017-05-25 19:48:58,727] ERROR - SAML2SSOAuthenticator Authentication > Request is rejected. Signature validation failed. > > [2017-05-25 19:48:58,730] WARN - CarbonAuthenticationUtil Failed > Administrator login attempt 'admin[-1234]' at [2017-05-25 19:48:58,730-0400] > > [2017-05-25 19:48:58,734] ERROR - SAML2SSOUIAuthenticator Authentication > failed. > > > > Logs when trying to login to “publisher” site: > > [2017-05-25 19:49:43,724] ERROR - jaggery_acs:jag SAML response signature > is verification failed. > > > > > > > > Any ideas? > > > > > > Thanks, > > Javier > > > > > > If you wish to unsubscribe from receiving commercial electronic messages > from TD Bank Group, please click here <http://www.td.com/tdoptout> or go > to the following web address: www.td.com/tdoptout > Si vous souhaitez vous désabonner des messages électroniques de nature > commerciale envoyés par Groupe Banque TD veuillez cliquer ici > <http://www.td.com/tddesab> ou vous rendre à l'adresse www.td.com/tddesab > > > NOTICE: Confidential message which may be privileged. Unauthorized > use/disclosure prohibited. If received in error, please go to > www.td.com/legal for instructions. > AVIS : Message confidentiel dont le contenu peut être privilégié. > Utilisation/divulgation interdites sans permission. Si reçu par erreur, > prière d'aller au www.td.com/francais/avis_juridique pour des > instructions. > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Thanks Abimaran Kugathasan Senior Software Engineer - API Technologies Email : abima...@wso2.com Mobile : +94 773922820 <http://stackoverflow.com/users/515034> <http://lk.linkedin.com/in/abimaran> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> <https://twitter.com/abimaran>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev