Hi Nadeesha,

Have you checked whether the assertion is encrypted in the response IS sends back to the travelocity app?

And please provide the SSO Trace (save as a text file and attach in the mail) for the whole flow.

Thanks,
Darshana

On Fri, Oct 2, 2015 at 2:53 PM, Nadeesha Meegoda <[email protected]> wrote:

> Hi.
>
> I have configured the setup to Login to the Identity Server Using Another
> Identity Server as per the details in [1] in Super tenant mode. With the
> happy scenario according to the documentation this works fine. But I have
> enabled some additional properties in IDP and SP used for IDP as follows:
>
> *Properties enabled for Federated Authenticators* - SAML2 Web SSO
> Configuration
>
> 1. Enabled Assertion Encryption
> 2. Enable Assertion Signing
> 3. Enable Authentication Response Signing
>
> *Properties enabled for SP used for IDP*
>
> 1. Enabled Assertion Encryption
> 2. Enabled Response Signing
>
> *Properties enabled for SP used for travelocity app*
>
> 1. Enabled Assertion Encryption
> 2. Enabled Response Signing
>
> In the travelocity.properties file also I have enabled Assertion
> Encryption, Response signing and Assertion signing. I have already imported
> the Identity Provider Public Certificate to IDP.
>
> When I'm signing in to travelocity.com I get an "Unable to decrypt the SAML
> Assertion" error and the error in [2] in tomcat.
>
> Note that with only "assertion signing" enabled in IDP I was successfully able
> to login and no error was displayed. When I enabled the Assertion
> Encryption this error occurred. Why does this error occur when I enable
> this property as mentioned above?
>
> Any help regarding this is highly appreciated!
>
> [1] -
> https://docs.wso2.com/pages/viewpage.action?title=Login%2Bto%2Bthe%2BIdentity%2BServer%2BUsing%2BAnother%2BIdentity%2BServer&spaceKey=IS510
>
> [2] - Oct 02, 2015 2:10:47 PM org.wso2.carbon.identity.sso.agent.SSOAgentFilter doFilter
> SEVERE: An error has occurred
> org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Unable to decrypt the SAML Assertion
>     at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:254)
>     at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:198)
>     at org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
>
> Thanks!
> --
> *Nadeesha Meegoda*
> Software Engineer - QA
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> email : [email protected]
> mobile: +94783639540

--
Regards,

*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
*E-mail: [email protected]*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
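
The check requested in the reply above (is the assertion actually encrypted in the response?) can be run offline against the base64 `SAMLResponse` value taken from an SSO trace. This is an added example, not part of the original thread and not WSO2 code; the function name `inspect_saml_response` and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response):
    """Report how a base64 SAMLResponse (HTTP-POST binding) is protected."""
    root = ET.fromstring(base64.b64decode(b64_response))
    enc = root.find("saml:EncryptedAssertion", NS)
    report = {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_encrypted": enc is not None,
        "plain_assertion_present": root.find("saml:Assertion", NS) is not None,
        "data_algorithm": None, "key_algorithm": None, "recipient_cert": None,
    }
    if enc is None:
        return report
    # Bulk cipher: the EncryptionMethod directly under EncryptedData.
    method = enc.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
    if method is not None:
        report["data_algorithm"] = method.get("Algorithm")
    # EncryptedKey may be nested in EncryptedData/KeyInfo or sit beside it.
    key = enc.find(".//xenc:EncryptedKey", NS)
    if key is not None:
        km = key.find("xenc:EncryptionMethod", NS)
        report["key_algorithm"] = km.get("Algorithm") if km is not None else None
        # Certificate the IdP encrypted for; the SP must hold its private key.
        cert = key.findtext(".//ds:X509Certificate", default=None, namespaces=NS)
        report["recipient_cert"] = "".join(cert.split()) if cert else None
    return report

# Constructed sample with placeholder ciphertext and certificate, not a real capture.
SAMPLE_B64 = base64.b64encode(b"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
 <saml:EncryptedAssertion><xenc:EncryptedData>
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  <ds:KeyInfo><xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
   <ds:KeyInfo><ds:X509Data><ds:X509Certificate>TUlJ Q0FB</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey></ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
 </xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>""").decode()
if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

When the response embeds the certificate it was encrypted for, comparing `recipient_cert` with the certificate in the keystore the receiving application decrypts with shows whether both sides refer to the same key pair.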
