The following error is coming on the SimpleSAMLphp SP end.

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
1 www\_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 vendor\simplesamlphp\saml2\src\SAML2\Utils.php:179 (SAML2\Utils::validateSignature)
5 [builtin] (call_user_func)
4 vendor\simplesamlphp\saml2\src\SAML2\Message.php:261 (SAML2\Message::validate)
3 modules\saml\lib\Message.php:206 (sspmod_saml_Message::checkSign)
2 modules\saml\lib\Message.php:600 (sspmod_saml_Message::processResponse)
1 modules\saml\www\sp\saml2-acs.php:129 (require)
0 www\module.php:135 (N/A)

Regards
Jitendra


On Friday, November 30, 2018 at 9:56:08 AM UTC, Jitendra wrote:
>
> Thanks Andy for your response
>
> I have attached the testsp_metadata.xml  file for your reference.
>
> Would there be any problem with my SP service registry entry? Can you share
> the reference of your SP service registry entry?
>
> Regards
> Jitendra
>
>
>
>
> On Friday, November 30, 2018 at 3:05:16 AM UTC, Andy Ng wrote:
>>
>> Hi Jitendra,
>>
>> I have used *CAS 5.3.5 as idp* and SimpleSAMLPHP as sp, my SP service 
>> registry is just bare-bone and it still works. 
>> My metadata is also generated, so I don't think CAS generated idp 
>> metadata is the problem.
>>
>> Is it possible to have a look at your
>> `*mylocation/metadata/testsp_metadata.xml*`? That might also be a place
>> to look for a solution.
>>
>> Cheers!
>> - Andy
>>
>> On Friday, 30 November 2018 05:29:50 UTC+8, Jitendra wrote:
>>>
>>> Hi,
>>>
>>> SAML Response generated by CAS IDP is giving error at SP side 
>>> (SimpleSAMLphp) as "Unable to validate Signature". 
>>>
>>> I already have a running application of CAS 3.5.2 with external
>>> integration with Shibboleth IdP, and now I am trying to integrate the new
>>> CAS 5.3.5 version using CAS IDP.
>>>
>>> Following is the SAML Response generated by the IdP for both CAS 5.3.5 and
>>> CAS 3.5.2 with external Shibboleth IdP.
>>>
>>> *SAML Response - CAS 5.3.5*
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <saml2p:Response
>>>     Destination="https://localhost:9443/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
>>>     ID="_5811688302419932870"
>>>     InResponseTo="_2eaf2e28b5216f16033c9426d54214ab6388f7e81f"
>>>     IssueInstant="2018-11-29T21:01:43.318Z" Version="2.0"
>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>     <saml2:Issuer
>>>         Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/idp</saml2:Issuer>
>>>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>         <ds:SignedInfo>
>>>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>             <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>>             <ds:Reference URI="#_5811688302419932870">
>>>                 <ds:Transforms>
>>>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>>                 </ds:Transforms>
>>>                 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>                 <ds:DigestValue>b7YffVN2OeWjVJwE+M7Ubu8Y8yuT7AJH0UyZCbSfifY=</ds:DigestValue>
>>>             </ds:Reference>
>>>         </ds:SignedInfo>
>>>         <ds:SignatureValue>
>>> O9KIQejb18K/ME5x0sVfa3vuSJfPDxz5kDLWo6afmWip4LZzA3YNJf7v4e3Fb+9myw1aEPC3XP3b&#xd;
>>> As0WFTeVIzB2zzM7k7PxKQFpZyZ4sWR2gYcpj85AobJVYIJA9uv2CfTPaERE9w5hfU4Pkc/bJ4cb&#xd;
>>> 41oHsm6hLVRPZj1Tq68=
>>>         </ds:SignatureValue>
>>>         <ds:KeyInfo>
>>>             <ds:X509Data>
>>>                 <ds:X509Certificate>***** DELETED *****</ds:X509Certificate>
>>>             </ds:X509Data>
>>>         </ds:KeyInfo>
>>>     </ds:Signature>
>>>     <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>         <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>>>     </saml2p:Status>
>>>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>         <xenc:EncryptedData Id="_820da790be35c89c155513777cd62a67"
>>>             Type="http://www.w3.org/2001/04/xmlenc#Element"
>>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>             <xenc:EncryptionMethod
>>>                 Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>                 <ds:RetrievalMethod
>>>                     Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
>>>                     URI="#_a624d6692b8ac5cf1b149f831bd1aee4"/>
>>>             </ds:KeyInfo>
>>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>>             </xenc:CipherData>
>>>         </xenc:EncryptedData>
>>>         <xenc:EncryptedKey Id="_a624d6692b8ac5cf1b149f831bd1aee4"
>>>             Recipient="https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp"
>>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>             <xenc:EncryptionMethod
>>>                 Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                 <ds:DigestMethod
>>>                     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>>                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>>             </xenc:EncryptionMethod>
>>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>>>             </xenc:CipherData>
>>>             <xenc:ReferenceList>
>>>                 <xenc:DataReference URI="#_820da790be35c89c155513777cd62a67"/>
>>>             </xenc:ReferenceList>
>>>         </xenc:EncryptedKey>
>>>     </saml2:EncryptedAssertion>
>>> </saml2p:Response>
>>>
>>> *SAML Response - CAS 3.5.2 with external Shibboleth IdP*
>>>
>>> <saml2p:Response Destination="https://localhost/Shibboleth.sso/SAML2/POST"
>>>     ID="_2d92ed1015600c258406df9be22f95be"
>>>     InResponseTo="_3c79c509762462fa063e035b4ac9b6fa"
>>>     IssueInstant="2018-11-29T15:41:52.149Z" Version="2.0"
>>>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>>     <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>>>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/idp/shibboleth</saml2:Issuer>
>>>     <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
>>>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>>         <xenc:EncryptedData Id="_6d71ffd770ca214f19d05dd34c179bf7"
>>>             Type="http://www.w3.org/2001/04/xmlenc#Element"
>>>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>>>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>>                 <xenc:EncryptedKey Id="_2062d09a80fbd4810e9e733fa0132d9f"
>>>                     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>>>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>>>                             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>>>                     </xenc:EncryptionMethod>
>>>                     <ds:KeyInfo>
>>>                         <ds:X509Data>
>>>                             <ds:X509Certificate>**** DELETED ****</ds:X509Certificate>
>>>                         </ds:X509Data>
>>>                     </ds:KeyInfo>
>>>                     <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                         <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>>>                     </xenc:CipherData>
>>>                 </xenc:EncryptedKey>
>>>             </ds:KeyInfo>
>>>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>>>                 <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>>>             </xenc:CipherData>
>>>         </xenc:EncryptedData>
>>>     </saml2:EncryptedAssertion>
>>> </saml2p:Response>
>>>
>>> And following is my SP Service Registry entry:
>>>
>>> {
>>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>>   "serviceId" : "https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp",
>>>   "name" : "SAMLService",
>>>   "id" : 10000003,
>>>   "evaluationOrder" : 10,
>>>   "metadataLocation" : "mylocation/metadata/testsp_metadata.xml",
>>>   "signAssertions": false,
>>>   "signResponses": true,
>>>   "encryptAssertions": true
>>> }
>>>
>>> Can anyone please help me in finding out what is the issue in my
>>> configuration?
>>>
>>>
>>> TIA
>>> Jitendra
>>>
>>>
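
A structural triage of a signed Response shaped like the CAS 5.3.5 one quoted above, as an added example that is not part of any post in this thread and not SimpleSAMLphp or CAS code: it reports whether the signature sits on the Response, whether its Reference points at the Response ID, and the SHA-256 fingerprint of the embedded certificate for comparison with the certificate the SP has configured for the IdP. The `triage` function, its report keys and the sample document are assumptions made for illustration, and the signature value itself is not verified.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # adequate for a saved capture, not for hostile XML

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def triage(response_xml, trusted_sha256):
    """Structural checks on a signed Response; the signature value is NOT verified."""
    root = ET.fromstring(response_xml)
    sig = root.find("ds:Signature", NS)
    out = {"response_signed": sig is not None, "cert_sha256": None, "problems": [],
           "assertion_encrypted": root.find("a:EncryptedAssertion", NS) is not None}
    if sig is None:
        out["problems"].append("no ds:Signature directly under Response")
        return out
    # SAML requires the single Reference to point at the ID of the signed element.
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI") if ref is not None else None
    if uri != "#" + root.get("ID", ""):
        out["problems"].append("Reference URI %r is not the Response ID" % uri)
    alg = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    out["signature_alg"] = alg.get("Algorithm", "").strip() if alg is not None else None
    # Fingerprint the embedded certificate for comparison with the SP's IdP metadata.
    b64 = sig.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
    try:
        der = base64.b64decode("".join(b64.split()), validate=True)
    except ValueError:            # e.g. a redacted value such as "***** DELETED *****"
        der = b""
    if der:
        out["cert_sha256"] = hashlib.sha256(der).hexdigest()
    if out["cert_sha256"] != trusted_sha256.replace(":", "").lower():
        out["problems"].append("embedded certificate is not the one trusted for the IdP")
    return out

# Constructed sample: placeholder bytes stand in for the certificate.
FAKE_DER = b"constructed certificate bytes"
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_5811688302419932870">
 <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
   <ds:Reference URI="#_5811688302419932870"/></ds:SignedInfo>
  <ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
 <a:EncryptedAssertion xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"/>
</p:Response>""" % base64.b64encode(FAKE_DER).decode()

if __name__ == "__main__":
    print(triage(SAMPLE, hashlib.sha256(FAKE_DER).hexdigest()))
```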
