Re: org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
Try to disable all signature options at encryption options; if that works, your issue is related to the public key you use locally in your SP that is not configured in your IdP, or the public key on the IdP metadata is not valid.

On Thursday, January 5, 2023 at 17:06:25 UTC+1, zllxll...@gmail.com wrote:
> Hi..
> Currently, I am integrating Company IDP with Jenkins.
> in Saml Plugin,
> "signature is not trusted"
> Can you help me solve the Error?
>
> *[System Log]*
> org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
>     at org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator.validateSignature(AbstractSAML2ResponseValidator.java:147)
>     at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertionSignature(SAML2AuthnResponseValidator.java:669)
>     at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:392)
>     at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:303)
>     at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:97)
>
> *[package Log]*
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
> Successfully verified signature using KeyInfo-derived credential
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
> Attempting to establish trust of KeyInfo-derived credential
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
> Failed to establish trust of KeyInfo-derived credential
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
> Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine doValidate
> Attempting to verify signature using trusted credentials
> 1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine doValidate
> Failed to verify signature using either KeyInfo-derived or directly trusted credentials
>
> *[IDP_metadata.xml]*
> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" validUntil="2022-12-29T05:08:17.196Z">
> http://www.w3.org/2000/09/xmldsig#">
> Security
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://dev.idp.com:443/samlartresolve" index="1"/>
> Location="https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
> Location="https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
> Location="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
>
> *[SP_metadata.xml]*
> xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_41c554a5919e46f7a861e48142ce7828f6eb6b3" entityID="http://sp/securityRealm/finishLogin" validUntil="2043-01-05T06:58:16.644Z">
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
> http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
> http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
> http://www.w3.org/2001/04/x
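A check for the mismatch the reply points to, as an added example that is not part of the thread or of pac4j: it compares the certificate carried in a response's KeyInfo against the signing certificates in the SP's copy of the IdP metadata and flags a `validUntil` that has passed. The function names, finding labels and sample XML are constructed for illustration, and the placeholder byte strings stand in for DER certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fp(node):
    """SHA-256 fingerprint of the DER bytes inside a ds:X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(node.text.split()))).hexdigest()

def diagnose(idp_metadata, saml_response, now):
    """Return findings that explain 'verified signature' followed by 'failed to establish trust'."""
    findings = []
    md = ET.fromstring(idp_metadata)
    valid_until = md.get("validUntil")
    if valid_until and datetime.fromisoformat(valid_until.replace("Z", "+00:00")) < now:
        findings.append("metadata-expired")  # an SP may refuse keys from expired metadata
    trusted = {cert_fp(c)
               for kd in md.iterfind(".//md:KeyDescriptor", NS)
               if kd.get("use") != "encryption"  # no 'use' attribute covers signing too
               for c in kd.iterfind(".//ds:X509Certificate", NS)}
    # KeyInfo in a response is sender-supplied: compare it, never import it as trusted.
    presented = {cert_fp(c) for c in ET.fromstring(saml_response)
                 .iterfind(".//ds:Signature//ds:X509Certificate", NS)}
    if not presented & trusted:
        findings.append("signing-cert-not-in-metadata")
    return findings

# Constructed sample input: these byte strings are placeholders, not real certificates.
OLD = base64.b64encode(b"constructed-cert-in-sp-copy-of-metadata").decode()
NEW = base64.b64encode(b"constructed-cert-idp-signs-with").decode()

def sample_metadata(cert, valid_until):
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
      entityID="https://idp.example/" validUntil="{valid_until}"><md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      </md:IDPSSODescriptor></md:EntityDescriptor>"""

def sample_response(cert):
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:ds="{NS['ds']}"><ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"""

if __name__ == "__main__":
    login = datetime(2023, 1, 5, tzinfo=timezone.utc)  # date of the failing login in the log
    print(diagnose(sample_metadata(OLD, "2022-12-29T05:08:17.196Z"), sample_response(NEW), login))
```
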
org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
Hi..
Currently, I am integrating Company IDP with Jenkins.
in Saml Plugin,
"signature is not trusted"
Can you help me solve the Error?

*[System Log]*
org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
    at org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator.validateSignature(AbstractSAML2ResponseValidator.java:147)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertionSignature(SAML2AuthnResponseValidator.java:669)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:392)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:303)
    at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:97)

*[package Log]*
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
Successfully verified signature using KeyInfo-derived credential
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
Attempting to establish trust of KeyInfo-derived credential
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
Failed to establish trust of KeyInfo-derived credential
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine validate
Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine doValidate
Attempting to verify signature using trusted credentials
1월 05, 2023 3:58:16 오후 미세 org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine doValidate
Failed to verify signature using either KeyInfo-derived or directly trusted credentials

*[IDP_metadata.xml]*
http://www.w3.org/2000/09/xmldsig#">
Security
https://dev.idp.com:443/samlartresolve" index="1"/>
https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
https://dev.idp.com:443/samlsso?tenantDomain=display.company" ResponseLocation="https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>
https://dev.idp.com:443/samlsso?tenantDomain=display.company"/>

*[SP_metadata.xml]*
http://sp/securityRealm/finishLogin" validUntil="2043-01-05T06:58:16.644Z">
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"/>
http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"/>
http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
http://www.w3.org/2001/04/xmlenc#sha256"/>
http://www.w3.org/2001/04/xmldsig-more#sha384"/>
http://www.w3.org/2000/09/xmldsig#sha1"/>
http://sp/securityRealm/finishLogin"/>
http://www.w3.org/2000/09/xmldsig#">
Security
http://www.w3.org/2000/09/xmldsig#">
Security
http://sp/securityRealm/finishLogin?logoutendpoint=true"/>
http://sp/securityRealm/finishLogin?logoutendpoint=true"/>
http://sp/securityRealm/finishLogin?logoutendpoint=true"/>
http://sp/securityRealm/finishLogin?logoutendpoint=true"/>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
http://sp/securityRealm/finishLogin" index="0"/>

*[IDP→SP Response]*
http://sp/securityRealm/finishLogin" ID="_35252c6bbb5c64698a8fe152098273bd" InResponseTo="_b0ed88b36ddc44c5a4b9f9ddd08289dfd058745" IssueInst