-
1. Re: Need sample config for XML Signature Validation and encryption
The way I got the signature to work was to add the following in the picketlink-sts.xml file in the source folder:
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="false">
<!-- START OF KEYS -->
<KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
<Auth Key="KeyStoreURL" Value="sts.jks"/>
<Auth Key="KeyStorePass" Value="password"/>
<Auth Key="SigningKeyAlias" Value="sts"/>
<Auth Key="SigningKeyPass" Value="password"/>
<!-- <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/> -->
</KeyProvider>
<!-- END OF KEYS -->
<TokenProviders>
... REMAINDER OF CONFIG ...
-
2. Re: Need sample config for XML Signature Validation and encryption
Thanks for replying, Scott.
The only thing I see different in your file is that you commented out:
<!-- <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/> -->
I still get this behavior:
2011-12-13 11:39:17,942 TRACE [org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve] Retrieved saml messages and relay state from sessionsaml Request message=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vdHRmbHg0MjM6MTgwODAvZW1wbG95ZWUtcG9zdC8iIERlc3RpbmF0aW9uPSJodHRwOi8vdHRmbHg0MjM6MTgwODAvaWRwLyIgSUQ9IklEX2QwMTlmZmIxLTZlMDEtNDQwMy1hNjY5LWYzYWE4OWM2NjMzMCIgSXNzdWVJbnN0YW50PSIyMDExLTEyLTEzVDExOjM5OjA5LjEwNy0wNTowMCIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBWZXJzaW9uPSIyLjAiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vdHRmbHg0MjM6MTgwODAvZW1wbG95ZWUtcG9zdC88L3NhbWw6SXNzdWVyPjxzYW1scDpOYW1lSURQb2xpY3kgQWxsb3dDcmVhdGU9InRydWUiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ii8+PC9zYW1scDpBdXRoblJlcXVlc3Q+::SAMLResponseMessage=null:relay state=nullSignature=null::sigAlg=null
You can see that there is no Signature in the request.
-
3. Re: Need sample config for XML Signature Validation and encryption
do you have the jks file that are using in the same directory as the picketlink-sts.xml? I've enclosed the structure used to create my war file in eclipse.
