"Signature did not validate against the credential's key" with Junos as IdP

spring spring-security saml-2.0 spring-saml
10,133

It seems that the Response message is signed using a different certificate than what is included in the IdP metadata. You should ask your IdP to tell you what certificates they use for their signatures and add them to their metadata file. Based on what you say it could also be that the metadata file is simply incomplete or corrupted.

The other option is to add the certificate they provide you to the samlKeystore.jks (and remember the alias). Then define the alias as signingKey on the ExtendedMetadata of your IdP's metadata definition in Spring configuration. You can find details on using the ExtendedMetadata in the Spring SAML manual.

The fact that the key is not included in the Response message is not wrong, Spring SAML knows which keys to use from the metadata and ExtendedMetadata configuration.

Share:
10,133
nocheinAndi
Author by

nocheinAndi

Updated on June 04, 2022

Comments

  • nocheinAndi
    nocheinAndi almost 2 years

    I've implemented SSO using Spring SAML and everything is working fine for an interaction with idp.ssocircle.com.

    Now I am trying to use another identity provider. I have downloaded the metadata of the IdP and have linked it in my spring XML config. I have also uploaded the metadata of the service provider to the iDP and have linked it in the spring XML config.

    I am redirected to the login page of my IdP and can successful enter my credentials. But an error like that appears "Signature did not validate against the credential's key".

    There is another stackoverflow post which describes a similiar problem, see "HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid" with Salesforce as IdP for implementating SSO

    But I have problems to follow the solution, because my SAML response captured by Fiddler does not contain an element like "X509Certificate".

    Edit(!):But I have to say that the metadata of my identity provider contains a element like "ds:X509Certificate" in "ds:keyInfo" with some content. But there also another empty "ds:keyInfo"-Element with an empty "ds:X509Data"-Element.

    Is there something wrong with the configuration of the identity provider?

    Can anybody tell my what is happening here?

    Complete log file: https://drive.google.com/file/d/0B3RlRCEjz-cvZGQ5aldzaUc0blE/edit?usp=sharing

    Thanks in advance,

    Andi

  • nocheinAndi
    nocheinAndi almost 10 years
    I have decoded the certificate in the metadata and it really was the wrong certificate in the metadata of my identity provider. I have replaced the metadata-file with a correct one and everything works fine. Thanks!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

HttpSession returned null object for SPRING_SECURITY_CONTEXT
Signature trust establishment failed for SAML metadata entry
IDP initiated SAML login error - Authentication statement is too old to be used with value
Spring security Saml - Time difference between SP and IDP
configuring saml-sample (SP) to work with Okta (IdP)
java.io.IOException: Invalid keystore format Spring Security SAML Extension
trusted certificate entries are not password-protected Spring SAML
SAMLException: Response has invalid status code status message is null
Custom WebSecurityConfigurerAdapter
Connect multiple authentication mechanisms Spring Boot Security