How to configure PicketLink Federation with Signature where SP and IDP have different keystores?
Issue
- How to configure PicketLink Federation with Signature where SP and IDP have different keystores?
- When configuring PicketLink Federation with Signature having different keystores for IDP and SP, the following issue occurs:-
13:53:26,038 ERROR [org.picketlink.common] (http-/127.0.0.1:8080-1) Exception in processing request:: org.picketlink.common.exceptions.ProcessingException: org.picketlink.common.exceptions.fed.SignatureValidationException: PL00009: Invalid Digital Signature:Signature Validation Failed
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.constructSignatureException(SAML2SignatureValidationHandler.java:157) [picketlink-federation-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:104) [picketlink-federation-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.handleRequestType(SAML2SignatureValidationHandler.java:52) [picketlink-federation-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:857) [picketlink-jbas7-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.handleSAMLMessage(AbstractIDPValve.java:427) [picketlink-jbas7-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
...
Caused by: org.picketlink.common.exceptions.fed.SignatureValidationException: PL00009: Invalid Digital Signature:Signature Validation Failed
at org.picketlink.common.DefaultPicketLinkLogger.samlHandlerSignatureValidationFailed(DefaultPicketLinkLogger.java:1578)
... 15 more
13:53:26,217 ERROR [org.picketlink.common] (http-/127.0.0.1:8080-1) Service Provider could not handle the request.: java.lang.IllegalArgumentException: PL00092: Null Value:No assertions in reply from IDP
at org.picketlink.common.DefaultPicketLinkLogger.samlHandlerNoAssertionFromIDP(DefaultPicketLinkLogger.java:1411)
at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:424) [picketlink-federation-2.5.3.SP10-redhat-1.jar:2.5.3.SP10-redhat-1]
...
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17]
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.3.x
- 6.4.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Close
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.