The following error is occurring on the SimpleSAMLphp SP end.

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
1 www\_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 vendor\simplesamlphp\saml2\src\SAML2\Utils.php:179 (SAML2\Utils::validateSignature)
5 [builtin] (call_user_func)
4 vendor\simplesamlphp\saml2\src\SAML2\Message.php:261 (SAML2\Message::validate)
3 modules\saml\lib\Message.php:206 (sspmod_saml_Message::checkSign)
2 modules\saml\lib\Message.php:600 (sspmod_saml_Message::processResponse)
1 modules\saml\www\sp\saml2-acs.php:129 (require)
0 www\module.php:135 (N/A)

Regards
Jitendra

On Friday, November 30, 2018 at 9:56:08 AM UTC, Jitendra wrote:
>
> Thanks Andy for your response.
>
> I have attached the testsp_metadata.xml file for your reference.
>
> Would there be any problem with my SP service registry entry? Can you share
> the reference of your SP service registry entry?
>
> Regards
> Jitendra
>
> On Friday, November 30, 2018 at 3:05:16 AM UTC, Andy Ng wrote:
>>
>> Hi Jitendra,
>>
>> I have used *CAS 5.3.5 as idp* and SimpleSAMLphp as sp, my SP service
>> registry is just bare-bone and it still works.
>> My metadata is also generated, so I don't think CAS generated idp
>> metadata is the problem.
>>
>> Is it possible to have a look at your
>> `mylocation/metadata/testsp_metadata.xml`? That might also be a place
>> to look for a solution.
>>
>> Cheers!
>> - Andy
>>
>> On Friday, 30 November 2018 05:29:50 UTC+8, Jitendra wrote:
>>>
>>> Hi,
>>>
>>> SAML Response generated by CAS IDP is giving error at SP side
>>> (SimpleSAMLphp) as "Unable to validate Signature".
>>>
>>> I already have a running application of CAS 3.5.2 with external
>>> integration with Shibboleth IdP and now I am trying to integrate the new CAS
>>> 5.3.5 version using CAS IDP.
>>>
>>> Following is the SAML Response generated by the IdP for both CAS 5.3.5 and
>>> CAS 3.5.2 with external Shibboleth IdP.
>>>
>>> *SAML Response - CAS 5.3.5*
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <saml2p:Response
>>>     Destination="https://localhost:9443/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
>>>     ID="_5811688302419932870"
>>>     InResponseTo="_2eaf2e28b5216f16033c9426d54214ab6388f7e81f"
>>>     IssueInstant="2018-11-29T21:01:43.318Z" Version="2.0"
>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>   <saml2:Issuer
>>>       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/idp</saml2:Issuer>
>>>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>     <ds:SignedInfo>
>>>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>       <ds:Reference URI="#_5811688302419932870">
>>>         <ds:Transforms>
>>>           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>         </ds:Transforms>
>>>         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>         <ds:DigestValue>b7YffVN2OeWjVJwE+M7Ubu8Y8yuT7AJH0UyZCbSfifY=</ds:DigestValue>
>>>       </ds:Reference>
>>>     </ds:SignedInfo>
>>>     <ds:SignatureValue>
>>> O9KIQejb18K/ME5x0sVfa3vuSJfPDxz5kDLWo6afmWip4LZzA3YNJf7v4e3Fb+9myw1aEPC3XP3b
>>> As0WFTeVIzB2zzM7k7PxKQFpZyZ4sWR2gYcpj85AobJVYIJA9uv2CfTPaERE9w5hfU4Pkc/bJ4cb
>>> 41oHsm6hLVRPZj1Tq68=
>>>     </ds:SignatureValue>
>>>     <ds:KeyInfo>
>>>       <ds:X509Data>
>>>         <ds:X509Certificate>***** DELETED *****
>>>         </ds:X509Certificate>
>>>       </ds:X509Data>
>>>     </ds:KeyInfo>
>>>   </ds:Signature>
>>>   <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>>   </saml2p:Status>
>>>   <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>     <xenc:EncryptedData Id="_820da790be35c89c155513777cd62a67"
>>>         Type="http://www.w3.org/2001/04/xmlenc#Element"
>>>         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>       <xenc:EncryptionMethod
>>>           Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>>           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>>       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>         <ds:RetrievalMethod
>>>             Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
>>>             URI="#_a624d6692b8ac5cf1b149f831bd1aee4"/>
>>>       </ds:KeyInfo>
>>>       <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>         <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>>       </xenc:CipherData>
>>>     </xenc:EncryptedData>
>>>     <xenc:EncryptedKey Id="_a624d6692b8ac5cf1b149f831bd1aee4"
>>>         Recipient="https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp"
>>>         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>       <xenc:EncryptionMethod
>>>           Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>>           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>         <ds:DigestMethod
>>>             Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>>             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>>       </xenc:EncryptionMethod>
>>>       <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>         <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>>       </xenc:CipherData>
>>>       <xenc:ReferenceList>
>>>         <xenc:DataReference URI="#_820da790be35c89c155513777cd62a67"/>
>>>       </xenc:ReferenceList>
>>>     </xenc:EncryptedKey>
>>>   </saml2:EncryptedAssertion>
>>> </saml2p:Response>
>>>
>>> *SAML Response - CAS 3.5.2 with external Shibboleth IdP*
>>>
>>> <saml2p:Response
>>>     Destination="https://localhost/Shibboleth.sso/SAML2/POST"
>>>     ID="_2d92ed1015600c258406df9be22f95be"
>>>     InResponseTo="_3c79c509762462fa063e035b4ac9b6fa"
>>>     IssueInstant="2018-11-29T15:41:52.149Z" Version="2.0"
>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>   <saml2:Issuer
>>>       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/idp/shibboleth</saml2:Issuer>
>>>   <saml2p:Status><saml2p:StatusCode
>>>       Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
>>>   <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>     <xenc:EncryptedData Id="_6d71ffd770ca214f19d05dd34c179bf7"
>>>         Type="http://www.w3.org/2001/04/xmlenc#Element"
>>>         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>       <xenc:EncryptionMethod
>>>           Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>>           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>>       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>         <xenc:EncryptedKey Id="_2062d09a80fbd4810e9e733fa0132d9f"
>>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>           <xenc:EncryptionMethod
>>>               Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>>               xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>             <ds:DigestMethod
>>>                 Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>>                 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>>           </xenc:EncryptionMethod>
>>>           <ds:KeyInfo>
>>>             <ds:X509Data>
>>>               <ds:X509Certificate>**** DELETED ****
>>>               </ds:X509Certificate>
>>>             </ds:X509Data>
>>>           </ds:KeyInfo>
>>>           <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>             <xenc:CipherValue>**** DELETED ****
>>>             </xenc:CipherValue>
>>>           </xenc:CipherData>
>>>         </xenc:EncryptedKey>
>>>       </ds:KeyInfo>
>>>       <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>         <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>>>       </xenc:CipherData>
>>>     </xenc:EncryptedData>
>>>   </saml2:EncryptedAssertion>
>>> </saml2p:Response>
>>>
>>> And following is my SP Service Registry entry:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp",
>>>   "name" : "SAMLService",
>>>   "id" : 10000003,
>>>   "evaluationOrder" : 10,
>>>   "metadataLocation" : "mylocation/metadata/testsp_metadata.xml",
>>>   "signAssertions": false,
>>>   "signResponses": true,
>>>   "encryptAssertions": true
>>> }
>>>
>>> Can anyone please help me in finding out what is the issue in my
>>> configuration?
>>>
>>> TIA
>>> Jitendra
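
The backtrace in this thread ends in SAML2\Utils::validateSignature while the SP checks the signature on the Response (signResponses is true in the registry entry). As an added example that is not part of the thread or of CAS or SimpleSAMLphp, this Python script compares the certificate carried in the response's ds:KeyInfo with the signing certificates in the IdP metadata the SP was given, and checks that the ds:Reference URI points at the Response ID. The function names and the sample documents (placeholder bytes in place of real certificates) are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#", "md": "urn:oasis:names:tc:SAML:2.0:metadata"}

def fingerprint(b64_cert):
    # SHA-256 over the decoded bytes; mail/XML line wrapping is stripped first.
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def response_signature_info(response_xml):
    root = ET.fromstring(response_xml)
    sig = root.find("ds:Signature", NS)   # direct child: signature over the Response
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"reference_ok": ref is not None and ref.get("URI") == "#" + root.get("ID", ""),
            "cert_fp": fingerprint(cert.text) if cert is not None else None}

def idp_signing_fingerprints(metadata_xml):
    # A KeyDescriptor without "use" applies to both signing and encryption.
    keys = ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % NS["md"])
    return {fingerprint(c.text) for kd in keys if kd.get("use") in (None, "signing")
            for c in kd.iter("{%s}X509Certificate" % NS["ds"])}

def diagnose(response_xml, metadata_xml):
    info = response_signature_info(response_xml)
    if info is None:
        return "unsigned"
    if not info["reference_ok"]:
        return "reference-mismatch"
    known = idp_signing_fingerprints(metadata_xml)
    return "certificate-matches" if info["cert_fp"] in known else "certificate-mismatch"

# Constructed sample input: placeholder bytes stand in for DER certificates.
CERT_A, CERT_B = (base64.b64encode(b).decode() for b in (b"constructed A", b"constructed B"))

def sample_response(cert, ref="#_5811688302419932870"):
    return ('<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="%s" '
            'ID="_5811688302419932870"><ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/>'
            '</ds:SignedInfo><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></saml2p:Response>' % (NS["ds"], ref, cert))

def sample_metadata(cert):
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"><md:IDPSSODescriptor>'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>' % (NS["md"], NS["ds"], cert))

if __name__ == "__main__":
    print(diagnose(sample_response(CERT_A), sample_metadata(CERT_B)))
```

A "certificate-matches" result only rules out a key mismatch; the signature itself still has to be verified by the SP's XML signature library.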