Discussion Forums

Liferay v7 : SAML response is not valid

Vinodh Kumar Rathnasabapathy, modified 7 years ago.

New Member Posts: 1 Join Date: 16/08/16
Hi,
I am trying to integrate Liferay v7 and Cordys (BPM Framework) applications using SAML.
Liferay v7 - IP
Cordys - SP

After doing the SAML configurations in both the servers, I am getting the below error: "The technical reason: Error creating SAML request/response object because: 'SAML response is not valid.'."

Any help?

$ cat portal-ext.properties
saml.enabled=true
saml.role=idp
saml.entity.id=ccpfwadev
saml.require.ssl=false
saml.sign.metadata=true
saml.idp.enabled=true
saml.idp.entity.id=ccpfwadev
saml.idp.authn.request.signature.required=true
saml.keystore.path=${liferay.home}/data/saml/apsrd7149.keystore
saml.keystore.password=ccpfwadev
saml.keystore.type=jks
saml.keystore.credential.password[ccpfwadev]=ccpfwadev
saml.metadata.paths=${liferay.home}/data/saml/Cordys_to_Liferay_SPMetadata.xml
saml.idp.metadata.name.id.attribute=screenName
saml.idp.metadata.attributes.enabled[http\://apsrd7149.uhc.com:81/home/CCPFWADEV/?authID=CCPFWAE_CP_DEV_AUTHENTICATOR&organization=o=CCPFWADEV,cn=cordys,cn=ccpfwadev,o=optum.com]=true
saml.idp.metadata.attribute.names[http\://apsrd7149.uhc.com:81/home/CCPFWADEV/?authID=CCPFWAE_CP_DEV_AUTHENTICATOR&organization=o=CCPFWADEV,cn=cordys,cn=ccpfwadev,o=optum.com]=
saml.idp.metadata.name.id.format[http\://apsrd7149.uhc.com:81/home/CCPFWADEV/?authID=CCPFWAE_CP_DEV_AUTHENTICATOR&organization=o=CCPFWADEV,cn=cordys,cn=ccpfwadev,o=optum.com]=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Error from SP logs:
com.eibus.security.saml.SamlException: Invalid assertion: signature verification failed.
at com.eibus.sso.saml2.Saml2AssertionVerifier.logAndCreateException(Saml2AssertionVerifier.java:105)
at com.eibus.sso.saml2.Saml2AssertionVerifier.verifySignature(Saml2AssertionVerifier.java:56)
at com.eibus.sso.saml2.Saml2AssertionVerifier.verifyAssertion(Saml2AssertionVerifier.java:47)
at com.eibus.sso.saml2.Saml2Processor.verifySamlResponse(Saml2Processor.java:63)
at com.eibus.sso.applicationconnector.authentication.ConvertAssertionCommand.determineIdentity(ConvertAssertionCommand.java:49)
at com.eibus.sso.applicationconnector.authentication.ConvertIdentityBase.process(ConvertIdentityBase.java:39)
at com.eibus.sso.applicationconnector.authentication.ServiceCommand.process(ServiceCommand.java:56)
at com.eibus.sso.applicationconnector.SSOTransaction.handleServiceCommand(SSOTransaction.java:159)
at com.eibus.sso.applicationconnector.SSOTransaction.process(SSOTransaction.java:107)
at com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1343)
at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:548)
at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:197)
at com.eibus.soap.Processor.onReceive(Processor.java:1024)
at com.eibus.soap.Processor.onReceive(Processor.java:997)
at com.eibus.connector.nom.Connector.onReceive(Connector.java:483)
at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61)
at com.eibus.transport.NonTransactionalWorkerThreadBody.run(NonTransactionalWorkerThreadBody.java:26)
at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67)
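
One cause worth ruling out for "signature verification failed" on the SP is a trust mismatch: the certificate the IdP signs with is not a signing certificate in the IdP metadata loaded into the SP. The check below is an added example, not part of the original post or of Liferay or Cordys code; it compares the two by SHA-256 fingerprint, and its function names and sample XML are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def fingerprint(b64_cert):
    """SHA-256 of the DER bytes; whitespace and line wrapping are ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def trusted_signing_certs(idp_metadata_xml):
    """Fingerprints of the IdP signing certificates listed in the metadata."""
    found = set()
    for idp in ET.fromstring(idp_metadata_xml).iter(f"{{{MD}}}IDPSSODescriptor"):
        for kd in idp.iter(f"{{{MD}}}KeyDescriptor"):
            # A KeyDescriptor without 'use' is valid for signing and encryption.
            if kd.get("use", "signing") == "signing":
                found |= {fingerprint(c.text) for c in kd.iter(f"{{{DS}}}X509Certificate")}
    return found

def certs_in_signatures(saml_response_xml):
    """Fingerprints of certificates embedded in the response's ds:Signature."""
    found = set()
    for sig in ET.fromstring(saml_response_xml).iter(f"{{{DS}}}Signature"):
        found |= {fingerprint(c.text) for c in sig.iter(f"{{{DS}}}X509Certificate")}
    return found

def diagnose(idp_metadata_xml, saml_response_xml):
    used = certs_in_signatures(saml_response_xml)
    if not used:
        return "no-embedded-cert"
    return "match" if used <= trusted_signing_certs(idp_metadata_xml) else "mismatch"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
CERT_A = base64.b64encode(b"constructed-cert-A").decode()
CERT_B = base64.b64encode(b"constructed-cert-B").decode()
KEYINFO = ('<ds:KeyInfo xmlns:ds="' + DS + '"><ds:X509Data><ds:X509Certificate>'
           '{}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

def sample_metadata(cert):
    return (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="idp.example">'
            f'<md:IDPSSODescriptor><md:KeyDescriptor use="signing">{KEYINFO.format(cert)}'
            '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(cert):
    return (f'<samlp:Response xmlns:samlp="{SAMLP}"><ds:Signature xmlns:ds="{DS}">'
            f'{KEYINFO.format(cert)}</ds:Signature></samlp:Response>')
```

A "match" only shows that the SP trusts the certificate the response carries; it does not verify the signature, so a failure that persists after a match points elsewhere (for example, the message being altered after signing).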