
mace-opensaml-users - org.opensaml.InvalidCryptoException: SAMLSignedObject.verify() failed to validate signature value

Subject: OpenSAML user discussion

  • From:
  • To:
  • Subject: org.opensaml.InvalidCryptoException: SAMLSignedObject.verify() failed to validate signature value
  • Date: Mon, 10 Oct 2005 17:03:42 -0400 (EDT)

Please help with my exception. Here is my code snippet that verifies the
signature:
//-------------------------------
X509Certificate cert = null;
boolean signed = responseSAML.isSigned();
// Walk the certificates embedded in the response; the last one is kept.
Iterator it = responseSAML.getX509Certificates();
while (it.hasNext()) {
    cert = (X509Certificate) it.next();
}
// ks is declared outside this snippet.
if (signed && ks != null) {
    responseSAML.verify(cert);
}
//------------------------------------
I get the following error:

org.opensaml.InvalidCryptoException: SAMLSignedObject.verify() failed to
validate signature value
//----------------------------------------------------------
Please help me resolve this one. Below is my XML document


<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
IssueInstant="2005-10-10T18:05:00.769Z" MajorVersion="1" MinorVersion="1"
Recipient="http://www.opensaml.org"
ResponseID="_7d638eead88f084218c7ef4645186d02"><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_7d638eead88f084218c7ef4645186d02">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind
rw saml samlp typens #default xsd
xsi"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>ZnLWtq5guSG3DJgMM/6S1+ZR+bQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>GRsBpQVzNEqpVNarzSLUIreylex+KFpO7seeq15UAwBuhg4XWSUREA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="_f5725c58ed2d6019d41e728931a631b0"
IssueInstant="2005-10-10T18:05:00.957Z" Issuer="http://www.opensaml.org"
MajorVersion="1" MinorVersion="1"><Conditions
NotBefore="2005-10-10T18:05:00.910Z"
NotOnOrAfter="2005-10-10T18:06:00.910Z"><AudienceRestrictionCondition><Audience>http://www.opensaml.org</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement
AuthenticationInstant="2005-10-10T18:05:00.910Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Subject><NameIdentifier>foo</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement><AttributeStatement><Subject><NameIdentifier>foo</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><Attribute
AttributeName="fn"
AttributeNamespace="fn"><AttributeValue></AttributeValue></Attribute><Attribute
AttributeName="ln"
AttributeNamespace="ln"><AttributeValue></AttributeValue></Attribute><Attribute
AttributeName="au"
AttributeNamespace="au"><AttributeValue>OMSOMShealthnet</AttributeValue></Attribute><Attribute
AttributeName="ea"
AttributeNamespace="email"><AttributeValue></AttributeValue></Attribute><Attribute
AttributeName="mid"
AttributeNamespace="mid"><AttributeValue>35092</AttributeValue></Attribute></AttributeStatement></Assertion></Response>
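
Added example, not part of the original post and not OpenSAML project code: the snippet in the post verifies against whichever certificate arrives in the message's own KeyInfo and skips verification when the response is unsigned. One way to verify against a locally trusted certificate and fail closed, assuming the `isSigned()`, `getX509Certificates()` and `verify(Certificate)` calls shown in the post are available on `org.opensaml.SAMLSignedObject`; `PinnedVerifier`, `findTrusted`, `verifyPinned` and `trustStore` are hypothetical names.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Iterator;

import org.opensaml.SAMLSignedObject;

// Added example; class, method and parameter names are hypothetical.
public final class PinnedVerifier {

    // Return the trust-store copy of the first embedded certificate that is
    // also present in trustStore, or null when none of them is trusted.
    static X509Certificate findTrusted(Iterator embedded, KeyStore trustStore)
            throws Exception {
        while (embedded.hasNext()) {
            X509Certificate candidate = (X509Certificate) embedded.next();
            // getCertificateAlias() matches on the full encoded certificate.
            String alias = trustStore.getCertificateAlias(candidate);
            if (alias != null) {
                return (X509Certificate) trustStore.getCertificate(alias);
            }
        }
        return null;
    }

    // Fail closed: a missing trust store, an unsigned object or an unknown
    // signer is an error, never a reason to skip verification.
    static void verifyPinned(SAMLSignedObject signedObject, KeyStore trustStore)
            throws Exception {
        if (trustStore == null) {
            throw new SecurityException("no trust store configured");
        }
        if (!signedObject.isSigned()) {
            throw new SecurityException("SAML object is not signed");
        }
        X509Certificate trusted =
                findTrusted(signedObject.getX509Certificates(), trustStore);
        if (trusted == null) {
            throw new SecurityException("signer certificate is not in the trust store");
        }
        trusted.checkValidity();      // reject expired or not-yet-valid certificates
        signedObject.verify(trusted); // throws if the signature does not validate
    }
}
```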


