Hi Thilini,

Thank you for your explanation. The above-mentioned error log gets printed
if the following are not included in authenticators.xml

  <Parameter name="ResponseSignatureValidationEnabled">false</Parameter>
  <Parameter name="AssertionSignatureValidationEnabled">false</Parameter>

under the SAML2SSOAuthenticator configuration, because in [1] those 2
parameters are checked and, if they are false, the signature validation part
is skipped. If those properties are not included in authenticators.xml,
signature validation fails and the relevant error log gets printed as in [2],
and this happens when the code at [3] gets executed. My question was: what
is the reasoning behind this?

[1]
https://github.com/wso2-extensions/identity-carbon-auth-saml2/blob/master/components/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java#L415
[2]
https://github.com/wso2-extensions/identity-carbon-auth-saml2/blob/master/components/org.wso2.carbon.identity.authenticator.saml2.sso/src/main/java/org/wso2/carbon/identity/authenticator/saml2/sso/SAML2SSOAuthenticator.java#L135
[3]
https://github.com/wso2/carbon-appmgt/blob/master/features/org.wso2.carbon.appmgt.publisher.feature/src/main/resources/publisher/controllers/acs.jag#L135

Thanks.

Regards,
Megala

On Mon, Oct 3, 2016 at 12:55 PM, Thilini Shanika <[email protected]> wrote:

> Hi Megala,
>
> When I try to login to carbon-appmgt publisher as a tenant admin in EMM,
> it prints the following message in the console,
> *[2016-10-02 20:23:46,814] ERROR
> {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} -
>  Authentication Request is rejected. Signature validation failed.*
>
> But I tried the same with the APPM pack downloaded from jenkins. But the
> relevant error message is not getting printed in the same scenario. While
> further analyzing, I found that by default, AssertionSignatureValidation is
> disabled in APPM [1]. What is the reason behind disabling this?
>
> The config in [1] is not related to Assertion signature validation. You
> can find the App Manager publisher and store SAML response validation
> related configs in [2] (publisher) and [3] (store), and you can
> enable/disable signature validation via the '*responseSigningEnabled*'
> property under ssoConfiguration.
> By default, this property is enabled in App Manager.
>
> The Jaggery SSO module is responsible for processing the SAML response and
> validating it according to the given configurations [4]. Please check whether
> the changes done to the SSO module are reflected in the EMM branch.
>
> [1] - https://github.com/wso2/product-app-manager/blob/master/modules/distribution/product/pom.xml#L107
> [2] - https://github.com/wso2/carbon-appmgt/blob/master/features/org.wso2.carbon.appmgt.publisher.feature/src/main/resources/publisher/config/publisher.json#L52
> [3] - https://github.com/wso2/carbon-appmgt/blob/master/features/org.wso2.carbon.appmgt.store.feature/src/main/resources/store/config/store.json#L17
> [4] - https://github.com/wso2/carbon-store/blob/app-manager-4.4.x-kernel/jaggery-modules/sso/scripts/sso.client.js#L142
>
> On Sun, Oct 2, 2016 at 8:53 PM, Megala Uthayakumar <[email protected]>
> wrote:
>
>> Hi All,
>>
>> When I try to login to carbon-appmgt publisher as a tenant admin in EMM,
>> it prints the following message in the console,
>> *[2016-10-02 20:23:46,814] ERROR
>> {org.wso2.carbon.identity.authenticator.saml2.sso.SAML2SSOAuthenticator} -
>>  Authentication Request is rejected. Signature validation failed.*
>>
>> But I tried the same with the APPM pack downloaded from jenkins. But the
>> relevant error message is not getting printed in the same scenario. While
>> further analyzing, I found that by default, AssertionSignatureValidation is
>> disabled in APPM [1]. What is the reason behind disabling this?
>>
>> [1] https://github.com/wso2/product-app-manager/blob/master/modules/distribution/product/pom.xml#L107
>>
>> Thanks.
>>
>> Regards,
>> Megala
>> --
>> Megala Uthayakumar
>>
>> Software Engineer
>> Mobile : 0779967122
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thilini Shanika
> Senior Software Engineer
> WSO2, Inc.; http://wso2.com
> 20, Palmgrove Avenue, Colombo 3
>
> E-mail: [email protected]
>
>


-- 
Megala Uthayakumar

Software Engineer
Mobile : 0779967122
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
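
Added example, not part of the original thread and not WSO2 code: a small audit check that reads an authenticators.xml and reports which of the two signature checks named above are switched off, treating a missing parameter as "validation on", as the thread describes. The Authenticator/Config/Parameter layout, the sample files and the function names are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Parameter names quoted in the thread.
SIGNATURE_PARAMS = ("ResponseSignatureValidationEnabled",
                    "AssertionSignatureValidationEnabled")

# Constructed samples; the Authenticator/Config/Parameter layout is assumed.
TEMPLATE = """<Authenticators>
  <Authenticator name="SAML2SSOAuthenticator">
    <Config>%s</Config>
  </Authenticator>
</Authenticators>"""
SAMPLE_DISABLED = TEMPLATE % (
    '<Parameter name="ResponseSignatureValidationEnabled">false</Parameter>'
    '<Parameter name="AssertionSignatureValidationEnabled">false</Parameter>')
SAMPLE_ABSENT = TEMPLATE % (
    '<Parameter name="ServiceProviderID">constructed-sp</Parameter>')


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}Parameter'."""
    return tag.rsplit("}", 1)[-1]


def signature_validation_state(xml_text, authenticator="SAML2SSOAuthenticator"):
    """Map each signature parameter to True (validated) or False (skipped)."""
    # Per the thread: a parameter that is not listed leaves validation on.
    state = {name: True for name in SIGNATURE_PARAMS}
    for auth in ET.fromstring(xml_text).iter():
        if _local(auth.tag) != "Authenticator" or auth.get("name") != authenticator:
            continue
        for param in auth.iter():
            name = param.get("name")
            if _local(param.tag) == "Parameter" and name in state:
                # Assumption: only an explicit "false" switches the check off.
                state[name] = (param.text or "").strip().lower() != "false"
    return state


def skipped_checks(xml_text):
    """Return the signature checks this configuration turns off, sorted."""
    state = signature_validation_state(xml_text)
    return sorted(name for name, enabled in state.items() if not enabled)


if __name__ == "__main__":
    for label, sample in (("disabled", SAMPLE_DISABLED), ("absent", SAMPLE_ABSENT)):
        print(label, skipped_checks(sample) or "all signature checks active")
```

A non-empty result means SAML responses or assertions are accepted by this authenticator without their signature being verified.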
