Signature Verification failed while using SAML Assertions as Authorization Grat

Home Forums ForgeRock Products Access Management Signature Verification failed while using SAML Assertions as Authorization Grat

Learn more about our upcoming Identity Summits

Tagged: , ,

This topic has 0 replies, 1 voice, and was last updated 5 months ago by vverma89.

  • Author
    Posts
  • March 4, 2020 at 9:08 pm #27725
     vverma89
    Participant

    Following the https://backstage.forgerock.com/docs/am/5.5/oauth2-guide/#oauth2-saml2-bearer Article to generate Access token for OAuth Client. When submitting the request, the API is able to decode the SAML assertion but giving below error message. I have checked both XML signature algorithm and XML digest algorithm are set to rsa-sha-256. The cert used for SAML signing by IDP is imported in the openam keystore. SAML flow is working with no issues. Any clues what’s making OAuth client unable to verify the signature?

    validateCertificate : CRL check is not configured. Just return it is good.

    org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]

    signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

    org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]

    jceSigAlgorithm = SHA256withRSA

    org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]

    jceSigProvider = SunRsaSign

    org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]

    PublicKey = Sun RSA public key, 2048 bits

    modulus: ……………

    public exponent: 65537

    org.apache.xml.security.utils.SignerOutputStream:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Trans48db176-2861]

    Canonicalized SignedInfo:

    org.apache.xml.security.utils.SignerOutputStream:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Trans48db176-2861]

    <SignedInfo xmlns=”http://www.w3.org/2000/09/xmldsig#”&gt;

    <CanonicalizationMethod Algorithm=”http://www.w3.org/2001/10/xml-exc-c14n#”></CanonicalizationMethod&gt;

    <SignatureMethod Algorithm=”http://www.w3.org/2001/04/xmldsig-more#rsa-sha256″></SignatureMethod&gt;

    <Reference URI=”#omitted”>

    <Transforms>

    <Transform Algorithm=”http://www.w3.org/2000/09/xmldsig#enveloped-signature”></Transform&gt;

    <Transform Algorithm=”http://www.w3.org/2001/10/xml-exc-c14n#”></Transform&gt;

    </Transforms>

    <DigestMethod Algorithm=”http://www.w3.org/2001/04/xmlenc#sha256″></DigestMethod&gt;

    <DigestValue>Omitted”=</DigestValue>

    </Reference>

    </SignedInfo>

    org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:242 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]

    WARNING: Signature verification failed.

    • This topic was modified 5 months ago by vverma89.
  • Author
    Posts
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?