1 Reply Latest reply on Jan 29, 2016 1:06 AM by Krishna Shiva

    Sending signed requests to third party IDP

    Krishna Shiva Newbie

      Hello All,

       

        I am having one SP and two Idp's (one local and other is third party Idp). I have enabled all the handlers as shown in the quickstart. I would like to enable "SupportsSignatures" to "true" and send singed requests/responses. I am facing problem in the following scenario.

      1. SP and local IDP uses the same certificate in the keystore. When "SupportsSignatures" is enabled to "true", everything works fine.

      2. I have imported the third party Idp certificate into the keystore using "keytool" command with alias "servercert".

      3. Added another "ValidatingAlias" to SP's picketlink.xml file and the value pointed to the alias "servercert".

           <ValidatingAlias Key="xyz.abc" Value="servercert" />

      4. When I tried to access the application using the third party Idp, I am getting the following error:

           org.picketlink.identity.federation.core.saml.v2.exceptions.SignatureValidationException: PLFED000142: Signature Validation failed

      5. I also tried to use the same alias which I have used with local IDP, but still got the same error.

       

      I would like your help in how to enable the signatures for the third party Idp.

       

      Thanks,

      Krishna