I have one SP and two IdPs (one local and the other a third-party IdP). I have enabled all the handlers as shown in the quickstart. I would like to set "SupportsSignatures" to "true" and send signed requests/responses. I am facing a problem in the following scenario.
1. The SP and the local IDP use the same certificate in the keystore. When "SupportsSignatures" is set to "true", everything works fine.
2. I have imported the third party Idp certificate into the keystore using "keytool" command with alias "servercert".
3. Added another "ValidatingAlias" to SP's picketlink.xml file and the value pointed to the alias "servercert".
<ValidatingAlias Key="xyz.abc" Value="servercert" />
4. When I tried to access the application using the third party Idp, I am getting the following error:
org.picketlink.identity.federation.core.saml.v2.exceptions.SignatureValidationException: PLFED000142: Signature Validation failed
5. I also tried to use the same alias that I used with the local IDP, but still got the same error.
I would like your help in how to enable the signatures for the third party Idp.
I needed only to generate the signatures. I do not have to validate them. I have used the solution provided by Sheetul Agrawal in the topic "Picketlink SP errors out during signature validation on a Signed + Encrypted SAML token".
I have commented out SAML2SignatureValidationHandler in my Picketlink.xml files and it is working as expected.
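For readers who need the SP to keep validating signatures from both IdPs rather than dropping the handler, the following picketlink.xml fragment is an added illustration, not the poster's file or a PicketLink quickstart: it keeps SAML2SignatureValidationHandler and maps each IdP to its own keystore alias. The hostnames, URLs, keystore path, passwords and the "sp" alias are placeholders, and it assumes the 2.1 configuration schema and that the ValidatingAlias Key is matched against the host of the IdP's Issuer.

```xml
<!-- Illustrative SP picketlink.xml, not the poster's configuration.
     All hostnames, paths, passwords and the "sp" alias are placeholders. -->
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
                ServerEnvironment="tomcat" BindingType="POST"
                SupportsSignatures="true">
    <IdentityURL>${idp.url::https://idp.local.example/idp/}</IdentityURL>
    <ServiceURL>${sp.url::https://sp.example/sp/}</ServiceURL>
    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      <Auth Key="KeyStoreURL" Value="/path/to/sp.keystore" />
      <Auth Key="KeyStorePass" Value="CHANGEME" />
      <Auth Key="SigningKeyPass" Value="CHANGEME" />
      <Auth Key="SigningKeyAlias" Value="sp" />
      <!-- One ValidatingAlias per IdP. Key is the host name taken from that
           IdP's Issuer (assumption), Value is the keystore alias that holds
           that IdP's signing certificate. The local IdP shares the SP's
           certificate, as in the post; the third-party IdP's certificate was
           imported with keytool under the alias "servercert". -->
      <ValidatingAlias Key="idp.local.example" Value="sp" />
      <ValidatingAlias Key="idp.thirdparty.example" Value="servercert" />
    </KeyProvider>
  </PicketLinkSP>
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
    <!-- Keep this handler: with it removed the SP no longer checks who signed
         an incoming response, so a tampered or unsigned response is accepted.
         Fix the Key/alias mapping above instead of removing validation. -->
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
  </Handlers>
</PicketLink>
```

A Key that does not match the Issuer host, or an alias holding a different certificate than the one the IdP actually signs with, is enough to produce the PLFED000142 error quoted above; `keytool -list -v -keystore sp.keystore -alias servercert` shows which certificate the alias really contains so it can be compared with the IdP's metadata.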