1 Reply Latest reply on Feb 21, 2015 9:20 AM by pcraveiro

    SP Signature Validation Error

    jspangler

      I'm new to Picketlink and SAML, so this may be a bit of a noob question. I've set up an SP on JBoss that uses Microsoft ADFS as the IDP, following the example found here: http://jianmingli.com/wp/?p=8956

      I have the SP working correctly so long as I set SupportsSignatures="false" in the picketlink.xml file of my WAR file. When I set the value to true, however, I get the following exception:

      java.lang.RuntimeException: PL00092: Null Value:Public Key
        at org.picketlink.identity.federation.DefaultPicketLinkLogger.nullValueError(DefaultPicketLinkLogger.java:204)
        at org.picketlink.identity.federation.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:370)
        at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:276)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:121)
      ...

      2015-01-28 16:23:19,239 ERROR [org.picketlink.identity.federation] (xxx) Service Provider could not handle the request.
      org.picketlink.identity.federation.core.exceptions.ProcessingException: PL00009: Invalid Digital Signature:Error validating signature.
        at org.picketlink.identity.federation.DefaultPicketLinkLogger.samlHandlerInvalidSignatureError(DefaultPicketLinkLogger.java:1597)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:124)
        at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:92)
      ...

      I have a certificate stored in a local keystore, and I've configured the picketlink.xml file to use that keystore with the correct password (attached).

      I'm sure I must have something misconfigured, but I can't figure out what that might be. Has anyone run into this issue before?

        • 1. Re: SP Signature Validation Error
          pcraveiro

          Hey Michael,

          In order to validate signatures for incoming messages from your IdP, you must have a ValidatingAlias with a key that matches the host of your IdP. For instance, if IdentityURL is http://myidp.com, you need a ValidatingAlias with Key="myidp.com" and a Value that references the alias of the IdP's public key in your keystore.

          Regards.
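The following picketlink.xml fragment is an added illustration of the ValidatingAlias wiring described in the reply above; it is not from this thread, nor is it the configuration from the PicketLink project or the linked tutorial. The ADFS hostname adfs.example.com, the keystore path and passwords, and the aliases sp-signing and adfs-signing are assumed placeholders; substitute your own values. The PL00092 "Null Value:Public Key" error in the question is what the SP reports when no ValidatingAlias Key matches the IdP host, or when the alias named in Value does not exist in the keystore, so the comment in the block lists the keytool check for both before deploying.

```xml
<!-- picketlink.xml (WEB-INF) for an SP validating ADFS-signed responses.
     Added example; hostnames, paths, passwords and aliases are assumptions.
     Before deploying, import the ADFS token-signing certificate under the alias
     referenced by ValidatingAlias Value and confirm both aliases exist:
       keytool -importcert -alias adfs-signing -file adfs-token-signing.cer \
               -keystore sp-keystore.jks -storepass changeit -noprompt
       keytool -list -keystore sp-keystore.jks -storepass changeit
     The listing must show "sp-signing" (PrivateKeyEntry) and
     "adfs-signing" (trustedCertEntry). -->
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                ServerEnvironment="jboss"
                BindingType="POST"
                SupportsSignatures="true">

    <!-- The host portion of IdentityURL ("adfs.example.com") is the value the
         SP looks up as the ValidatingAlias Key. If these two do not match,
         no public key is found and validation fails with PL00092. -->
    <IdentityURL>https://adfs.example.com/adfs/ls/</IdentityURL>
    <ServiceURL>https://sp.example.com/my-sp/</ServiceURL>

    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      <!-- Keystore on the classpath (or an absolute path) holding the SP's own
           signing key pair and the IdP's trusted certificate. -->
      <Auth Key="KeyStoreURL" Value="/sp-keystore.jks" />
      <Auth Key="KeyStorePass" Value="changeit" />

      <!-- Private key the SP uses to sign its own AuthnRequests. -->
      <Auth Key="SigningKeyAlias" Value="sp-signing" />
      <Auth Key="SigningKeyPass" Value="changeit" />

      <!-- Key   = host of the IdP (from IdentityURL), no scheme, path or port.
           Value = alias of the IdP's token-signing certificate in the keystore.
           Only keys present here can validate incoming responses; do not map
           the IdP host to the SP's own certificate unless it really is the
           same key, since that would accept SP-signed forgeries. -->
      <ValidatingAlias Key="adfs.example.com" Value="adfs-signing" />
    </KeyProvider>
  </PicketLinkSP>

  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <!-- Signs outgoing requests with SigningKeyAlias. -->
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
    <!-- Validates incoming responses against the ValidatingAlias entry matching
         the IdP host; this is the handler that raised the stack trace above. -->
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
  </Handlers>

</PicketLink>
```

One practical caveat when pairing this with ADFS: ADFS rotates its token-signing certificate (by default roughly yearly, with automatic rollover), so the trustedCertEntry behind adfs-signing has to be replaced when that happens or validation starts failing with the same PL00009 "Invalid Digital Signature" error, even though nothing in picketlink.xml changed.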