SP Signature Validation Error
jspangler Jan 29, 2015 10:51 AM
I'm new to Picketlink and SAML, so this may be a bit of a noob question. I've set up an SP on JBoss that uses Microsoft ADFS as the IDP, following the example found here: http://jianmingli.com/wp/?p=8956
I have the SP working correctly so long as I set SupportsSignatures="false" in the picketlink.xml file of my WAR file. When I set the value to true, however, I get the following exception:
java.lang.RuntimeException: PL00092: Null Value:Public Key
at org.picketlink.identity.federation.DefaultPicketLinkLogger.nullValueError(DefaultPicketLinkLogger.java:204)
at org.picketlink.identity.federation.core.util.XMLSignatureUtil.validate(XMLSignatureUtil.java:370)
at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.validate(SAML2Signature.java:276)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:121)
...
2015-01-28 16:23:19,239 ERROR [org.picketlink.identity.federation] (xxx) Service Provider could not handle the request.
org.picketlink.identity.federation.core.exceptions.ProcessingException: PL00009: Invalid Digital Signature:Error validating signature.
at org.picketlink.identity.federation.DefaultPicketLinkLogger.samlHandlerInvalidSignatureError(DefaultPicketLinkLogger.java:1597)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyPostBindingSignature(SAML2SignatureValidationHandler.java:124)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:92)
...
I have a certificate stored in a local keystore, and I've configured the picketlink.xml file to use that keystore with the correct password (attached).
I'm sure I must have something misconfigured, but I can't figure out what that might be. Has anyone run into this issue before?
Attachment: picketlink.xml (1.9 KB)
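For comparison, the following is the shape of a picketlink.xml SP section in which the KeyProvider supplies both the SP's signing key and the IDP's verification key. This is an added example, not the poster's attached file; the URLs, alias names and passwords are placeholders, and the ValidatingAlias key is the host part of the IdentityURL, which is what PicketLink uses to look up the IDP's public key before SAML2SignatureValidationHandler runs.

```xml
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                ServerEnvironment="jboss"
                BindingType="POST"
                SupportsSignatures="true">
    <!-- Placeholder endpoints: replace with the real ADFS and SP URLs -->
    <IdentityURL>https://adfs.example.com/adfs/ls/</IdentityURL>
    <ServiceURL>https://sp.example.com/myapp/</ServiceURL>

    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      <!-- Keystore on the classpath (or an absolute file path) and its password -->
      <Auth Key="KeyStoreURL" Value="/sp-keystore.jks"/>
      <Auth Key="KeyStorePass" Value="CHANGE_ME"/>
      <!-- Key pair the SP uses to sign its own AuthnRequests -->
      <Auth Key="SigningKeyAlias" Value="sp-signing"/>
      <Auth Key="SigningKeyPass" Value="CHANGE_ME"/>
      <!-- Maps the IDP host (the host part of the IdentityURL above) to the
           keystore alias that holds the ADFS token-signing certificate.
           Without a matching entry the SP has no public key to validate
           the response signature against. -->
      <ValidatingAlias Key="adfs.example.com" Value="adfs-token-signing"/>
    </KeyProvider>
  </PicketLinkSP>
  <!-- Handlers section omitted; SAML2SignatureValidationHandler stays in the chain -->
</PicketLink>
```

The ADFS token-signing certificate has to exist in that keystore under the alias named by ValidatingAlias, for example imported with `keytool -importcert -alias adfs-token-signing -keystore sp-keystore.jks -file adfs-signing.cer`.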