Tagged: Access Management, Oauth, oidc
March 4, 2020 at 9:08 pm #27725
vverma89
Participant
I am following the https://backstage.forgerock.com/docs/am/5.5/oauth2-guide/#oauth2-saml2-bearer article to generate an access token for an OAuth client. When submitting the request, the API is able to decode the SAML assertion but gives the error message below. I have checked that both the XML signature algorithm and the XML digest algorithm are set to rsa-sha-256. The cert used for SAML signing by the IDP is imported in the openam keystore. The SAML flow is working with no issues. Any clues what's making the OAuth client unable to verify the signature?
validateCertificate : CRL check is not configured. Just return it is good.
org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]
signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]
jceSigAlgorithm = SHA256withRSA
org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:240 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]
jceSigProvider = SunRsaSign
org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]
PublicKey = Sun RSA public key, 2048 bits
modulus: ……………
public exponent: 65537
org.apache.xml.security.utils.SignerOutputStream:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Trans48db176-2861]
Canonicalized SignedInfo:
org.apache.xml.security.utils.SignerOutputStream:03/03/2020 12:25:16:241 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Trans48db176-2861]
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
<Reference URI="#omitted">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
<DigestValue>Omitted”=</DigestValue>
</Reference>
</SignedInfo>
org.apache.xml.security.signature.XMLSignature:03/03/2020 12:25:16:242 PM EST: Thread[ajp-nio-4789-exec-10,5,main]: Transacdb176-2861]
WARNING: Signature verification failed.
-
This topic was modified 2 years, 4 months ago by vverma89.