java - Signature validation failed for SAML Response


I have configured ADFS with Identity Server. I have imported the signed certificate of ADFS into Identity Server. I have changed the idpalias property appropriately. However, I am getting the following error while using the travelocity.com application.

SEVERE: An error has occurred
org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Signature validation failed for SAML Response
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.validateSignature(SAML2SSOManager.java:483)
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:227)
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:145)
	at org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

Aug 01, 2016 11:34:39 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/travelocity.com] threw exception [Signature validation failed for SAML Response] with root cause
org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Signature validation failed for SAML Response
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.validateSignature(SAML2SSOManager.java:483)
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:227)
	at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:145)
	at org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

The reason is, ADFS sends the response to Identity Server signed with its private key. Identity Server validates the response with the public certificate you have entered in the IdP configuration.

What happens then is that Identity Server creates its own SAML response and sends it to the travelocity application. In the service provider configuration, if you have enabled response signing, Identity Server signs the SAML response with its private key.

For travelocity, you have to export the public certificate of Identity Server and import it into the keystore (wso2carbon.jks) file of the travelocity application. In the travelocity.properties file, you have to change the IdPCertAlias property, giving the alias of the public certificate of Identity Server.

Then it should work.

Basically, travelocity does not know ADFS. Identity Server knows it. Travelocity knows Identity Server.
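As an added example, not the WSO2 SSO agent's own code: the check the travelocity side is doing after the fix, loading the certificate stored under the IdPCertAlias alias in wso2carbon.jks and verifying the enveloped signature on the SAML Response with that key. It goes slightly beyond the answer by also refusing a signature that is not a direct child of the Response element or whose Reference does not point at the Response's own ID. The keystore path, password, alias and response string are assumed arguments; the real values come from travelocity.properties.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Verifies a SAML Response's enveloped signature against the certificate under a keystore alias.
public class SamlSignatureCheck {
    public static boolean verify(String keystorePath, char[] storePass,
                                 String idpCertAlias, String responseXml) throws Exception {
        // 1. The trust anchor is the keystore entry, never a certificate carried inside the message.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keystorePath)) { ks.load(in, storePass); }
        X509Certificate cert = (X509Certificate) ks.getCertificate(idpCertAlias);
        if (cert == null) throw new IllegalStateException("no certificate under alias " + idpCertAlias);
        cert.checkValidity();
        // 2. Parse with DOCTYPEs disabled so the verifier itself is not an XXE sink.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));
        // 3. Accept only a ds:Signature that is a direct child of the root Response element.
        Element root = doc.getDocumentElement();
        root.setIdAttribute("ID", true);               // lets Reference URI="#<ID>" resolve
        Element sigEl = null;
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        for (int i = 0; i < sigs.getLength() && sigEl == null; i++)
            if (root.isSameNode(sigs.item(i).getParentNode())) sigEl = (Element) sigs.item(i);
        if (sigEl == null) throw new IllegalStateException("Response element is not signed");
        // 4. The single Reference must cover the Response's own ID; then verify with the keystore key.
        DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), sigEl);
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        java.util.List<?> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1 || !("#" + root.getAttribute("ID")).equals(((Reference) refs.get(0)).getURI()))
            throw new IllegalStateException("signature does not cover the Response element");
        return sig.validate(ctx);
    }
}
```

If this returns false for the alias you configured, the entry under that alias is not the certificate Identity Server signs with; compare its fingerprint from keytool -list -v against the Identity Server certificate before changing anything else.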
