Thanks Andy for your response.

I have attached the testsp_metadata.xml file for your reference.

Would there be any problem with my SP service registry entry? Can you share 
the reference of your SP service registry entry?

Regards
Jitendra




On Friday, November 30, 2018 at 3:05:16 AM UTC, Andy Ng wrote:
>
> Hi Jitendra,
>
> I have used *CAS 5.3.5 as idp* and SimpleSAMLPHP as sp, my SP service 
> registry is just bare-bone and it still works. 
> My metadata is also generated, so I don't think CAS generated idp metadata 
> is the problem.
>
> Is it possible to have a look at your 
> `mylocation/metadata/testsp_metadata.xml`, that might also be a place to 
> look for a solution.
>
> Cheers!
> - Andy
>
> On Friday, 30 November 2018 05:29:50 UTC+8, Jitendra wrote:
>>
>> Hi,
>>
>> SAML Response generated by CAS IDP is giving error at SP side 
>> (SimpleSAMLphp) as "Unable to validate Signature". 
>>
>> I already have a running application of CAS 3.5.2 with external integration 
>> with Shibboleth IdP and now I am trying to integrate the new CAS 5.3.5 version 
>> using CAS IDP.
>>
>> Following is the SAML Response generated by the IdP for both CAS 5.3.5 and CAS 
>> 3.5.2 with external Shibboleth IdP.
>>
>> *SAML Response - CAS 5.3.5*
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <saml2p:Response
>>     Destination="https://localhost:9443/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
>>     ID="_5811688302419932870"
>>     InResponseTo="_2eaf2e28b5216f16033c9426d54214ab6388f7e81f"
>>     IssueInstant="2018-11-29T21:01:43.318Z" Version="2.0"
>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>     <saml2:Issuer
>>         Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/idp</saml2:Issuer>
>>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>         <ds:SignedInfo>
>>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>             <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>             <ds:Reference URI="#_5811688302419932870">
>>                 <ds:Transforms>
>>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>                 </ds:Transforms>
>>                 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>                 <ds:DigestValue>b7YffVN2OeWjVJwE+M7Ubu8Y8yuT7AJH0UyZCbSfifY=</ds:DigestValue>
>>             </ds:Reference>
>>         </ds:SignedInfo>
>>         <ds:SignatureValue>
>> O9KIQejb18K/ME5x0sVfa3vuSJfPDxz5kDLWo6afmWip4LZzA3YNJf7v4e3Fb+9myw1aEPC3XP3b&#xd;
>> As0WFTeVIzB2zzM7k7PxKQFpZyZ4sWR2gYcpj85AobJVYIJA9uv2CfTPaERE9w5hfU4Pkc/bJ4cb&#xd;
>> 41oHsm6hLVRPZj1Tq68=
>>         </ds:SignatureValue>
>>         <ds:KeyInfo>
>>             <ds:X509Data>
>>                 <ds:X509Certificate>***** DELETED *****</ds:X509Certificate>
>>             </ds:X509Data>
>>         </ds:KeyInfo>
>>     </ds:Signature>
>>     <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>         <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>     </saml2p:Status>
>>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>         <xenc:EncryptedData Id="_820da790be35c89c155513777cd62a67"
>>             Type="http://www.w3.org/2001/04/xmlenc#Element"
>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>             <xenc:EncryptionMethod
>>                 Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>                 <ds:RetrievalMethod
>>                     Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
>>                     URI="#_a624d6692b8ac5cf1b149f831bd1aee4"/>
>>             </ds:KeyInfo>
>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>             </xenc:CipherData>
>>         </xenc:EncryptedData>
>>         <xenc:EncryptedKey Id="_a624d6692b8ac5cf1b149f831bd1aee4"
>>             Recipient="https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp"
>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>             <xenc:EncryptionMethod
>>                 Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                 <ds:DigestMethod
>>                     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>             </xenc:EncryptionMethod>
>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>             </xenc:CipherData>
>>             <xenc:ReferenceList>
>>                 <xenc:DataReference URI="#_820da790be35c89c155513777cd62a67"/>
>>             </xenc:ReferenceList>
>>         </xenc:EncryptedKey>
>>     </saml2:EncryptedAssertion>
>> </saml2p:Response>
>>
>> *SAML Response - CAS 3.5.2 with external Shibboleth IdP*
>>
>> <saml2p:Response Destination="https://localhost/Shibboleth.sso/SAML2/POST"
>>     ID="_2d92ed1015600c258406df9be22f95be"
>>     InResponseTo="_3c79c509762462fa063e035b4ac9b6fa"
>>     IssueInstant="2018-11-29T15:41:52.149Z" Version="2.0"
>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>     <saml2:Issuer
>>         Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/idp/shibboleth</saml2:Issuer>
>>     <saml2p:Status>
>>         <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>     </saml2p:Status>
>>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>         <xenc:EncryptedData Id="_6d71ffd770ca214f19d05dd34c179bf7"
>>             Type="http://www.w3.org/2001/04/xmlenc#Element"
>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>             <xenc:EncryptionMethod
>>                 Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>                 <xenc:EncryptedKey Id="_2062d09a80fbd4810e9e733fa0132d9f"
>>                     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                     <xenc:EncryptionMethod
>>                         Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                         <ds:DigestMethod
>>                             Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>                             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>                     </xenc:EncryptionMethod>
>>                     <ds:KeyInfo>
>>                         <ds:X509Data>
>>                             <ds:X509Certificate>**** DELETED ****</ds:X509Certificate>
>>                         </ds:X509Data>
>>                     </ds:KeyInfo>
>>                     <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                         <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>>                     </xenc:CipherData>
>>                 </xenc:EncryptedKey>
>>             </ds:KeyInfo>
>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>                 <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>>             </xenc:CipherData>
>>         </xenc:EncryptedData>
>>     </saml2:EncryptedAssertion>
>> </saml2p:Response>
>>
>> And following is my SP Service Registry entry
>>
>> {
>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "serviceId" : "https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp",
>>   "name" : "SAMLService",
>>   "id" : 10000003,
>>   "evaluationOrder" : 10,
>>   "metadataLocation" : "mylocation/metadata/testsp_metadata.xml",
>>   "signAssertions": false,
>>   "signResponses": true,
>>   "encryptAssertions": true
>> }
>>
>> Can anyone please help me in finding out what is the issue in my 
>> configuration??
>>
>>
>> TIA
>> Jitendra
>>
>>

Attachment: testsp_metadata.xml
Description: XML document
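
An added diagnostic, not part of the thread and not code from CAS or SimpleSAMLphp: it reports whether a SAML response carries a Response-level signature, which algorithms it names, whether the signature Reference points at the Response's own ID, and where the EncryptedKey sits, which are the points on which the two responses quoted above differ. `SAMPLE`, `KEY_PLACES`, `_alg` and `signature_profile` are names assumed for this example, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
KEY_PLACES = {"inside EncryptedData/KeyInfo": "xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey",
              "sibling of EncryptedData": "xenc:EncryptedKey"}

# Constructed sample laid out like the CAS 5.3.5 response in the thread (values omitted).
SAMPLE = """<p:Response ID="_5811688302419932870"
    xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_5811688302419932870">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    </ds:Reference></ds:SignedInfo></ds:Signature>
  <a:EncryptedAssertion>
    <xenc:EncryptedData><ds:KeyInfo><ds:RetrievalMethod URI="#k"/></ds:KeyInfo></xenc:EncryptedData>
    <xenc:EncryptedKey Id="k"/></a:EncryptedAssertion>
</p:Response>"""


def _alg(node, path):  # Algorithm attribute of the element at path, or None if absent
    found = node.find(path, NS) if node is not None else None
    return found.get("Algorithm") if found is not None else None


def signature_profile(xml_text):
    """Summarise what a SAML Response signs and how the assertion key is carried."""
    root = ET.fromstring(xml_text)  # run only on responses you captured yourself
    sig = root.find("ds:Signature", NS)  # direct child = Response-level signature
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    enc = root.find("a:EncryptedAssertion", NS)
    key = next((name for name, path in KEY_PLACES.items()
                if enc is not None and enc.find(path, NS) is not None), None)
    return {
        "response_signed": sig is not None,
        "signature_method": _alg(sig, "ds:SignedInfo/ds:SignatureMethod"),
        "digest_method": _alg(ref, "ds:DigestMethod"),
        # The Reference must name the Response's own ID, or the signature covers another element.
        "reference_covers_response": ref is not None and ref.get("URI") == "#" + root.get("ID", ""),
        "assertion_encrypted": enc is not None,
        "encrypted_key_placement": key,
    }


if __name__ == "__main__":
    print(signature_profile(SAMPLE))
```

Running it on each IdP's captured response gives two summaries to compare against what the SP is set up to accept.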
