Subject: SAML signature core validation always returns false
Hi all,

Could anybody help me to analyze my problem? This is the case: the code in my server (let's say B) is responsible for verifying the SAML Response sent from another server (let's say A) which requests authentication on my side. However, the signature verification always fails. I found that it fails when executing the XMLSignature.validate(XMLValidateContext validateContext) method.

FYI, I am using OpenSAML 2.4.1 and Java 1.6.0_22. A and B use the same code to sign and verify the SAML signature. They have the same environment (Java version, and the version of all the dependent libraries) and also use the same keystore. It doesn't fail in checking the certificate stored in the keystore, after skipping the core signature validation.

I also tried to compare two different signed SAML Responses from both A and B which come from exactly the same unsigned SAML Response. The only differences are in DigestValue and SignatureValue, and the rest is the same.

One more piece of information: the signed SAML signature generated from my server (B) does not have that problem; its signature validation always returns true.

I just wonder why DigestValue and SignatureValue can be different for exactly the same SAML response. Is this the main cause of my problem?

Anyway, you can see my code at http://pastebin.com/EzhXusQE. Please let me know if you need more information to help me analyze this problem.

Thank you for your attention :).

--
Regards,
Aprian Diaz Novandi
http://knightdna.net
"Giri lusi janma tan kena ingina"