Hi,
I have enabled SSO for ES and ESB with an external IS. I am facing the
following issue when I try to log in to the publisher as a tenant.

INFO {JAGGERY.controllers.login:jag} - Login URL: https://localhost:9447/samlsso
org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key

I tried to debug the SignatureValidator and found that, when a tenant logs
in to the publisher (via SSO), the SAML response is validated against the
tenant-specific keystore, whereas when a tenant logs in to the management
console (via SSO), the SAML response is validated against the wso2carbon
keystore.
The second scenario (tenant logs in to management console) is successful.
My guess is that IS always sends a SAML response which is only valid against
the wso2carbon keystore (please correct me if I am wrong). What should the
correct behavior be: should IS send a tenant-specific response, or should ES
always validate the SAML response against the wso2carbon keystore?
Note: I have shared the governance registry and user database, and also
pointed ES and ESB to IS's embedded LDAP.
Also please go through this mail thread "[ES] Tenant couldn't
login to publisher when SSO is enabled with IS"
Thank you
Senduran
--
*Senduran*
Software Engineer,
WSO2, Inc.; http://wso2.com/
Mobile: +94 77 952 6548
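
One way to check which keystore a captured SAML response was signed with, as an added example that is not part of the original mail and not WSO2 code. It assumes the response embeds the signer's certificate in ds:X509Certificate; the function names, keystore labels and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def embedded_cert_fingerprints(saml_xml):
    """Fingerprints of every certificate carried in the response's KeyInfo."""
    root = ET.fromstring(saml_xml)
    found = []
    for node in root.iter(DS + "X509Certificate"):
        # Base64 text is usually line-wrapped; drop the whitespace first.
        der = base64.b64decode("".join((node.text or "").split()))
        found.append(fingerprint(der))
    return found

def match_keystore(saml_xml, candidates):
    """Name the candidate certificate each embedded certificate matches.

    candidates maps a label to DER bytes exported from that keystore.
    The embedded certificate is only a hint for diagnosis: validation
    must still use the key the service provider trusts out of band.
    """
    by_fp = {fingerprint(der): name for name, der in candidates.items()}
    return [by_fp.get(fp, "unknown") for fp in embedded_cert_fingerprints(saml_xml)]

# Constructed stand-ins for DER certificates exported from each keystore.
SUPER_TENANT_DER = b"constructed-bytes-standing-in-for-wso2carbon-cert"
TENANT_DER = b"constructed-bytes-standing-in-for-tenant-cert"
CANDIDATES = {"wso2carbon": SUPER_TENANT_DER, "tenant": TENANT_DER}

def sample_response(der):
    """Constructed, minimal SAML response that carries only a KeyInfo."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        + base64.b64encode(der).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        "</samlp:Response>"
    )

if __name__ == "__main__":
    print(match_keystore(sample_response(SUPER_TENANT_DER), CANDIDATES))
```

If the label printed for a tenant login is the wso2carbon one while the service provider validates against the tenant keystore, the two sides disagree on the signing key, which is the mismatch described above.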