Invalid signature in Request #47

Closed
satishagrawal03 opened this issue Jan 9, 2018 · 1 comment

@satishagrawal03

Hi All,

I am trying to run the application as it is (I only ran update-certifcate.sh to generate the keystore and then used the command `keytool -importcert -alias apollo -file ca.cer -keystore samlKeystore.jks` to generate the private key pair), but I am getting the error below in the UI after selecting the default ssocircle IdP.

**Error occurred**

**Reason: Invalid signature in Request.**

Also, please find the Spring Boot logs below.

Kindly help me to resolve this issue urgently. (It seems to be keystore-related only.)

```
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Metadata document does not contain an EntityDescriptor with the ID com:vdenotaris:spring:sp
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Metadata document did not contain a descriptor for entity com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Metadata document did not contain any role descriptors of type {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor for entity com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Metadata document does not contain a role of type {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor supporting protocol urn:oasis:names:tc:SAML:2.0:protocol for entity com:vdenotaris:spring:sp
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Metadata document does not contain an EntityDescriptor with the ID com:vdenotaris:spring:sp
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of com:vdenotaris:spring:sp
o.o.x.s.c.KeyStoreCredentialResolver     : Building credential from keystore entry for entityID apollo, usage type UNSPECIFIED
o.o.x.s.c.KeyStoreCredentialResolver     : Processing PrivateKeyEntry from keystore
.c.c.EvaluableCredentialCriteriaRegistry : Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableEntityIDCredentialCriteria for criteria class org.opensaml.xml.security.criteria.EntityIDCriteria
o.o.x.s.c.KeyStoreCredentialResolver     : Building credential from keystore entry for entityID apollo, usage type UNSPECIFIED
o.o.x.s.c.KeyStoreCredentialResolver     : Processing PrivateKeyEntry from keystore
.c.c.EvaluableCredentialCriteriaRegistry : Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableEntityIDCredentialCriteria for criteria class org.opensaml.xml.security.criteria.EntityIDCriteria
o.o.x.p.StaticBasicParserPool            : Setting DocumentBuilderFactory attribute 'http://javax.xml.XMLConstants/feature/secure-processing'
o.o.x.p.StaticBasicParserPool            : Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/dom/defer-node-expansion'
o.o.x.p.StaticBasicParserPool            : Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/disallow-doctype-decl'
o.s.s.s.c.SAMLContextProviderImpl        : Using user specified IDP https://idp.ssocircle.com from request
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: https://idp.ssocircle.com
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of https://idp.ssocircle.com
o.o.s.m.p.ChainingMetadataProvider       : Checking child metadata provider for entity descriptor with entity ID: https://idp.ssocircle.com
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of https://idp.ssocircle.com
o.o.s.m.p.AbstractMetadataProvider       : Searching for entity descriptor with an entity ID of https://idp.ssocircle.com
o.s.s.s.u.SAMLUtil                       : Index for AssertionConsumerService not specified, returning default
o.o.s.m.s.SAML2MetadataHelper            : Selecting default IndexedEndpoint
o.o.s.m.s.SAML2MetadataHelper            : Selected IndexedEndpoint with explicit isDefault of true
o.s.s.s.SAMLEntryPoint                   : Processing SSO using WebSSO profile
o.o.s.m.s.SAML2MetadataHelper            : Selecting default IndexedEndpoint
o.o.s.m.s.SAML2MetadataHelper            : Selected IndexedEndpoint with explicit isDefault of true
o.o.s.m.s.SAML2MetadataHelper            : Selecting default IndexedEndpoint
o.o.s.m.s.SAML2MetadataHelper            : Selected IndexedEndpoint with explicit isDefault of true
o.o.s.m.s.SAML2MetadataHelper            : Selecting default IndexedEndpoint
o.o.s.m.s.SAML2MetadataHelper            : Selected IndexedEndpoint with explicit isDefault of true
o.s.s.s.w.WebSSOProfileImpl              : Using default consumer service with binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
o.o.w.m.e.BaseMessageEncoder             : Beginning encode message to outbound transport of type: org.opensaml.ws.transport.http.HttpServletResponseAdapter
o.o.s.b.e.HTTPRedirectDeflateEncoder     : Deflating and Base64 encoding SAML message
o.o.w.m.e.BaseMessageEncoder             : Marshalling message
o.o.s.b.e.HTTPRedirectDeflateEncoder     : Building URL to redirect client to
o.o.s.b.e.HTTPRedirectDeflateEncoder     : Generating signature with key type 'DSA', algorithm URI 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' over query string 'SAMLRequest=fZJfb9sgFMW%2FCrrvscFLNhfFqbJV1Sp1ahS7e9jbDb5LqDB4XBzt44%2F8qdq99AkBv8OBc1je%2Fh2cOFJkG3wDqpAgyJvQW79v4Lm7n9Vwu1oyDq4a9XpKB7%2BlPxNxElnoWV92Gpii1wHZsvY4EOtkdLv%2B8airQuoxhhRMcCDWzBRTtvoWPE8DxZbi0Rp63j42cEhp1GXpgkF3CJx0LWtZngzKtn0CcZddrcd0vukJ5kzbfiyYg7HROCpMGPR8%2FqnMKyfNlnobyaRyoIRrZ5HLcdo5a7IKxH2Ihs5PauA3OiYQD3cNYPW5PyDKfS%2FV%2FqU26ssO94v6xageF7jLEG%2BQ2R7pTcY80YPnhD41UElVz6SayZtOLfTiRs9VUVXqF4jNNYiv1l8C%2Fii13QVi%2Fb3rNrPNU9uB%2BPlaVAbgWos%2Bu8f3fXx8ML6WAKtTXseefEgYM8tjzI55WJbvj15dp%2F9%2FgNU%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23dsa-sha1'
o.o.x.s.SigningUtil                      : Computing signature over input using private key of type DSA and JCA algorithm ID SHA1withDSA
o.o.x.s.SigningUtil                      : Computed signature: 302d02150096a63b4d16533e52c14b81d61a3eb15d8086be5d0214324c7d6be3c929a27f3250795e23cb23f328c566
o.o.s.b.e.HTTPRedirectDeflateEncoder     : Generated digital signature value (base64-encoded) MC0CFQCWpjtNFlM+UsFLgdYaPrFdgIa+XQIUMkx9a+PJKaJ/MlB5XiPLI/MoxWY=
o.o.w.m.e.BaseMessageEncoder             : Successfully encoded message.
o.s.s.s.s.HttpSessionStorage             : Storing message a26dhaa0gd01gj8c17bag58jc1da5ab to session C35F885770EDA5A0A9DD205271EC04E4
o.s.s.s.l.SAMLDefaultLogger              : AuthNRequest;SUCCESS;0:0:0:0:0:0:0:1;com:vdenotaris:spring:sp;https://idp.ssocircle.com;;;
```
@satishagrawal03

Resolved by adding the SP metadata entry in the SSOCircle IdP.
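
An IdP can only check the signature on a redirect-binding AuthnRequest against a signing key it holds for the request's Issuer, normally taken from the SP metadata registered with it, which is why the fix above was on the IdP side and not in the keystore. The following added example (not code from this issue or from the project) models that lookup on constructed data; the function names, the sample request and the placeholder certificate are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # fine for constructed input; harden the parser for untrusted XML
from urllib.parse import parse_qs, quote

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def encode_redirect(authn_request_xml: str, sig_alg: str) -> str:
    """Build the 'SAMLRequest=...&SigAlg=...' string that the SP signs (no RelayState here)."""
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    deflated = deflater.compress(authn_request_xml.encode()) + deflater.flush()
    return "SAMLRequest=%s&SigAlg=%s" % (quote(base64.b64encode(deflated), safe=""), quote(sig_alg, safe=""))

def issuer_of(signed_query: str) -> str:
    """Reverse the encoding and return the request's Issuer (the SP entity ID)."""
    blob = base64.b64decode(parse_qs(signed_query)["SAMLRequest"][0])
    xml = zlib.decompressobj(-15).decompress(blob, 1 << 20)  # cap inflated size at 1 MiB
    return (ET.fromstring(xml).findtext("saml:Issuer", namespaces=NS) or "").strip()

def signing_key_status(signed_query: str, registered_metadata: list) -> str:
    """Model the IdP-side lookup: is a signing certificate registered for the Issuer?"""
    issuer = issuer_of(signed_query)
    for doc in registered_metadata:
        for entity in ET.fromstring(doc).iter("{%s}EntityDescriptor" % MD):
            if entity.get("entityID") != issuer:
                continue
            for kd in entity.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
                cert = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
                if kd.get("use", "signing") == "signing" and cert and cert.strip():
                    return "ok: signing certificate registered for " + issuer
            return "reject: metadata for %s has no signing KeyDescriptor" % issuer
    return "reject: no metadata registered for " + issuer

# Constructed sample data (not taken from the logs in this issue).
SP_ID = "com:vdenotaris:spring:sp"
REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1" Version="2.0">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % SP_ID)
SP_METADATA = ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s"><md:SPSSODescriptor '
               'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing">'
               '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>'
               '</ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>'
               % (MD, NS["ds"], SP_ID))
QUERY = encode_redirect(REQUEST, "http://www.w3.org/2000/09/xmldsig#dsa-sha1")
if __name__ == "__main__":
    print(signing_key_status(QUERY, []))             # IdP has no SP metadata
    print(signing_key_status(QUERY, [SP_METADATA]))  # SP metadata registered at the IdP
```

An "ok" result here only means a key is available for verification; the signature check itself still has to succeed against that certificate.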
