Issue with SP Initiated Login

This topic contains 3 replies, has 2 voices, and was last updated by  aniru2dh 1 week ago.

  • #22275
     aniru2dh 
    Participant

    Hi Team,

    I have set up OpenAM as IdP and Tableau as SP. The configuration setup on both sides is fine. We have imported the metadata from the SP and the certificate. The certificate (.cer) which was provided by Tableau was imported to keystore.jks and is available. When we access the IdP Initiated URL, it works fine. But the SP Initiated login fails with the error “500 - Invalid Signature in the request”. But the .cer file was imported during the SP setup.
    In the federation logs we could see the below error messages:

    libSAML2:06/11/2018 10:51:50:614 PM IST: Thread[http-nio-8443-exec-9,5,main]: TransactionId[72ae5c66-802c-4b06-9018-4f8fb1fd7836-251]
    ERROR: FMSigProvider.isValidSignature: Signing Certificate is validated as bad.
    libSAML2:06/11/2018 10:51:50:614 PM IST: Thread[http-nio-8443-exec-9,5,main]: TransactionId[72ae5c66-802c-4b06-9018-4f8fb1fd7836-251]
    ERROR: FMSigProvider.verify: Signature verification failed.
    libSAML2:06/11/2018 10:51:50:614 PM IST: Thread[http-nio-8443-exec-9,5,main]: TransactionId[72ae5c66-802c-4b06-9018-4f8fb1fd7836-251]
    ERROR: UtilProxySAMLAuthenticator.authenticate: authn request verification failed.

    Please let us know if we are missing something.

    #22279
     Peter Major 
    Moderator

    Looks like you have enabled certificate revocation checks and the certificate in question was actually revoked.

    #22286
     aniru2dh 
    Participant

    @peter-major

    I am a novice in this topic. Could you please provide me with more information about certificate revocation checks and how they impact the request processing?

    Thanks,
    Anirudh.

    #22304
     aniru2dh 
    Participant

    Also I see a different error message while accessing the IdP Initiated URL for a different application. I suspect this is because of a certificate issue. I see the below errors in the federation logs.

    libSAML:06/13/2018 08:34:47:072 PM IST: Thread[http-nio-8443-exec-2,5,main]: TransactionId[89762f06-1fdf-45bb-8753-f13fc36ceea9-2502]
    ERROR: Given final block not properly padded
    libSAML2:06/13/2018 08:34:47:073 PM IST: Thread[http-nio-8443-exec-2,5,main]: TransactionId[89762f06-1fdf-45bb-8753-f13fc36ceea9-2502]
    ERROR: FMSigProvider.sign: The private key was null.
    libSAML2:06/13/2018 08:34:47:073 PM IST: Thread[http-nio-8443-exec-2,5,main]: TransactionId[89762f06-1fdf-45bb-8753-f13fc36ceea9-2502]
    ERROR: Error processing request
    com.sun.identity.saml2.common.SAML2Exception: The private key was null.

    Considering the two issues mentioned in the post, does this have something to do with the keystore of OpenAM, or is it the metadata from the SP that has the problem?

    Thanks,
    Anirudh.
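
A small triage helper for the federation log excerpts quoted in this thread, added here as an example and not code from the original posts or from OpenAM: it groups the ERROR lines by TransactionId and tags each with the first thing to check. The message-to-category mapping reflects common causes (the moderator's revocation explanation for the first excerpt; a wrong key or keystore password as a frequent source of "Given final block not properly padded" in Java), not a finding about this particular deployment; the category names and the shortened TransactionIds in the sample are constructed.

```python
import re
from collections import OrderedDict

# OpenAM federation debug format as quoted above: a header line (logger, timestamp, thread, TransactionId) then an "ERROR: ..." line.
HEADER_RE = re.compile(r"^(libSAML2?):\S+ \S+ \S+ \S+: Thread\[[^\]]+\]: TransactionId\[([^\]]+)\]$")
ERROR_RE = re.compile(r"^ERROR: (.*)$")

# Message fragments seen in the thread, mapped to what to check first (common causes, not a finding about the poster's setup).
RULES = [
    ("Signing Certificate is validated as bad", "sp_cert_rejected"),      # the SP cert itself failed validation (e.g. revoked)
    ("Signature verification failed", "sp_signature_failed"),            # follows from the rejected certificate
    ("authn request verification failed", "authn_request_rejected"),     # the user-visible HTTP 500 on SP-initiated login
    ("Given final block not properly padded", "keystore_password"),      # key entry / keystore decrypted with the wrong password
    ("The private key was null", "idp_signing_key_missing"),             # hosted IdP signing key alias could not be loaded
]

def classify(msg):
    """Map one ERROR message to a category; 'unknown' when no rule matches."""
    return next((cat for frag, cat in RULES if frag in msg), "unknown")

def triage(log_text):
    """Group ERROR lines by TransactionId, in order of appearance, each tagged with its category."""
    by_txn, current = OrderedDict(), None
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(2)
            by_txn.setdefault(current, [])
            continue
        err = ERROR_RE.match(line)
        if err and current is not None:
            by_txn[current].append((err.group(1), classify(err.group(1))))
    return by_txn

def first_cause(entries):
    """Earliest categorised error in a transaction; the later ones are usually consequences of it."""
    return next((cat for _, cat in entries if cat != "unknown"), "unknown")

# Constructed sample: the two excerpts quoted in this thread, with TransactionIds shortened.
SAMPLE = """\
libSAML2:06/11/2018 10:51:50:614 PM IST: Thread[http-nio-8443-exec-9,5,main]: TransactionId[72ae5c66-251]
ERROR: FMSigProvider.isValidSignature: Signing Certificate is validated as bad.
libSAML2:06/11/2018 10:51:50:614 PM IST: Thread[http-nio-8443-exec-9,5,main]: TransactionId[72ae5c66-251]
ERROR: FMSigProvider.verify: Signature verification failed.
libSAML:06/13/2018 08:34:47:072 PM IST: Thread[http-nio-8443-exec-2,5,main]: TransactionId[89762f06-2502]
ERROR: Given final block not properly padded
libSAML2:06/13/2018 08:34:47:073 PM IST: Thread[http-nio-8443-exec-2,5,main]: TransactionId[89762f06-2502]
ERROR: FMSigProvider.sign: The private key was null.
"""
```

Calling `first_cause(triage(SAMPLE)[txn])` on each transaction points at the SP certificate for the first excerpt and at the IdP keystore password for the second, which is the split between "SP metadata" and "OpenAM keystore" the last post asks about.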


©2018 ForgeRock