Hi Darshana, Yes, this issue was not yet fixed but the effort is on hold at the moment due to other priorities.
However what i was noticed by looking at the code is it seems 'signature' is resolved as an empty string in below code snippet. String signature = HTTPTransportUtils.getRawQueryStringParameter(queryString, "Signature"); Is this can be a configuration issue? Thanks for checking on this and will get back with the sso tracer when i start working on this again. Regards, Ishara Cooray Senior Software Engineer Mobile : +9477 262 9512 WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware On Wed, May 25, 2016 at 6:58 AM, Darshana Gunawardana <darsh...@wso2.com> wrote: > Hi IsharaC, > > Were you able to resolve the issue? > > Seems like SAML request is using Redirect binding and setting the > signature included in to the request itself. If you still have the problem, > please share the sso trace from Firefox SAML tracer plugin so we can have a > look. > > Thanks, > > On Tue, May 17, 2016 at 2:51 PM, Ishara Cooray <isha...@wso2.com> wrote: > >> Hi IS Team, >> >> I am working on a scenario where need signature validation for >> authentication requests coming from a jaggery app deployed in a AS. I have >> configured SSO with SAML 2.0 while IS as the identity provider (IS 5.0.0). >> >> For that, I have the 'Enable Signature Validation in Authentication >> Requests and Logout Requests' enabled in my Service provider. >> >> I have set signRequests to 'true' in SSORelyingParty as below. >> >> ssoRelyingParty.setProperty("signRequests", SSO_SIGN_REQUESTS); >> >> and i use Assertion Consumer URL as <host>/publisher/jagg/jaggery_acs.jag >> or <host>store/jagg/jaggery_acs.jag >> >> >> But, from the IS i get below error and auhtentication fails. >> Any help to figure out the issue would be appreciated. >> SAML 2.0 based Single Sign-On >> Error when processing the authentication request! >> Please try login again. >> >> *Error log in IS console :* >> >> TID: [0] [IS] [2016-05-17 01:42:41,874] ERROR >> {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Error validating >> deflate signature {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} >> org.opensaml.ws.security.SecurityPolicyException: *Could not extract the >> Signature from query string* >> at >> org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator.getSignature(SAML2HTTPRedirectDeflateSignatureValidator.java:144) >> at >> org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator.validateSignature(SAML2HTTPRedirectDeflateSignatureValidator.java:68) >> at >> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.validateDeflateSignature(SAMLSSOUtil.java:859) >> at >> org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.validateAuthnRequestSignature(SAMLSSOUtil.java:795) >> at >> org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:91) >> at >> org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:140) >> at >> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:670) >> at >> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:177) >> at >> org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:93) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:735) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >> at >> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) >> at >> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> at >> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) >> at >> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >> at >> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) >> at >> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >> at >> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156) >> at >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) >> at >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004) >> at >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> at java.lang.Thread.run(Thread.java:744) >> >> >> Thanks & Regards, >> Ishara Cooray >> Senior Software Engineer >> Mobile : +9477 262 9512 >> WSO2, Inc. | http://wso2.com/ >> Lean . Enterprise . Middleware >> > > > > -- > Regards, > > > *Darshana Gunawardana*Senior Software Engineer > WSO2 Inc.; http://wso2.com > > *E-mail: darsh...@wso2.com <darsh...@wso2.com>* > *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev