2 Replies Latest reply on Dec 5, 2012 4:12 AM by lmoren

Cannot verify SAML2 (Shibboleth) response signature

lmoren Aug 15, 2012 6:56 AM

I try to build Shibboleth SP using Picketlink SPFilter v. 2.1.3. To test an implementation I use testshib.org identity provider.

Everything works fine, however when PicketLink tries to verify signature of incoming Shibboleth response I get the following error:

https://gist.github.com/3358846

Is it maybe connected with: https://issues.jboss.org/browse/PLFED-284

Also can you confirm that the public key that is used to verify signature on the assertion is obtained from the keystore and not from the SAML2 assertion?

Thanks in advance for any help.

Cheers, Lukasz

1. Re: Cannot verify SAML2 (Shibboleth) response signature

jirutka Dec 2, 2012 6:57 AM (in response to lmoren)

Hi Lukasz,

could you please share your configuration how to use PicketLink as Shibboleth SP? I can’t figure out how to get it work and find any information that can help me with it.
Actions
2. Re: Cannot verify SAML2 (Shibboleth) response signature

lmoren Dec 5, 2012 4:12 AM (in response to jirutka)

Hi Jakub,

I used org.picketlink.identity.federation.web.filters.SPFilter in my application, and follow this tutorial: https://docs.jboss.org/author/display/PLINK/Picketlink+as+SP,+Salesforce+as+IDP.
It works quite well with Shibboleth. As I remember I've used version 2.0.3.Final - there were some problems with newer releases.

Just out of curiosity, what you are trying to build:)?

Cheers, Lukasz Moren
Actions

Go to original post