Hi Abimaran,

I was able to get SSO working. It turns out I didn’t have the default keystore; once I replaced it with the original one, things worked.
Thanks for your help.

Regards,
Javier

From: Dev [mailto:[email protected]] On Behalf Of Vazquez-Hidalgo, Javier
Sent: Friday, May 26, 2017 8:45 AM
To: Abimaran Kugathasan
Cc: [email protected]
Subject: Re: [Dev] SSO Configuration

Hi Abimaran,

I am using the default keystore on both servers. I don’t think I have enabled signature verification on IDP and SP. Do I have to? If so, how do I do it? Docs don’t seem to have that step.

Javier

From: Abimaran Kugathasan [mailto:[email protected]]
Sent: Friday, May 26, 2017 12:21 AM
To: Vazquez-Hidalgo, Javier
Cc: [email protected]
Subject: Re: [Dev] SSO Configuration

Hi Javier,

Have you enabled signature verification in both IDP and SP? Also, are you using the default keystore in both servers?

On Fri, May 26, 2017 at 5:28 AM, Vazquez-Hidalgo, Javier <[email protected]> wrote:

Hello,

I’m trying to configure APIM store/publisher/carbon sites to use SSO by following the steps provided at
https://docs.wso2.com/display/AM210/Configuring+API+Manager+for+SSO
https://docs.wso2.com/display/AM210/Configuring+Identity+Server+as+IDP+for+SSO

Identity Server is acting as the SSO IDP. The problem is that I’m getting signature verification failed on all sites. I see the redirection happening and in the carbon site I get the login screen, but it fails to authenticate the user.

Logs when trying to login to “carbon” site:
[2017-05-25 19:48:58,727] ERROR - SAML2SSOAuthenticator Authentication Request is rejected. Signature validation failed.
[2017-05-25 19:48:58,730] WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'admin[-1234]' at [2017-05-25 19:48:58,730-0400]
[2017-05-25 19:48:58,734] ERROR - SAML2SSOUIAuthenticator Authentication failed.

Logs when trying to login to “publisher” site:
[2017-05-25 19:49:43,724] ERROR - jaggery_acs:jag SAML response signature is verification failed.

Any ideas?

Thanks,
Javier

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Thanks
Abimaran Kugathasan
Senior Software Engineer - API Technologies
