Have you tried with a more recent JDK release, like 7u40?
--Sean On 10/07/2013 02:12 PM, Terry, Ryan wrote:
Still working on this XML validation issue. Replaced the self-signbed certificate with a Verisign signed cert, and the problem persists. Debug logs show the following: [2013-10-07 11:18:44,533 http-bio-8080-exec-4] [org.apache.xml.security.signature.Reference : ?] [WARN ] Verification failed for URI "#_355f4d642121f2eabf18e0a29de1461f2a80ad3f" [2013-10-07 11:18:44,536 http-bio-8080-exec-4] [org.apache.xml.security.signature.Reference : ?] [WARN ] Expected Digest: B3ODtoOgYqgCD1zRSXkb+IKI+Fw= [2013-10-07 11:18:44,538 http-bio-8080-exec-4] [org.apache.xml.security.signature.Reference : ?] [WARN ] Actual Digest: 81w+8JNEEQ22uMu3nV1lI1jMyfU= [2013-10-07 11:18:44,541 http-bio-8080-exec-4] [org.apache.xml.security.signature.Manifest : ?] [DEBUG] The Reference has Type [2013-10-07 11:18:55,667 http-bio-8080-exec-4] [SamlSSODataHandler : 215] [ERROR] The SAML Response Signature was either invalid or the signing key could not be established as trusted! The interesting thing is that JDK revision effects this. With JDK 1.6.0_17 this signature works, with 1.6.0_18 and newer it fails with this error. How is the JDK affecting the digest value of a signature? Anyone have any ideas? Ryan Terry Senior Systems Engineer ADP Network Services w- 801.956.6999 c- 801.509.3212 ------------------------------------------------------------------------ This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.
