Announcement Announcement Module
Collapse
No announcement yet.
SAML Assertion has invalid Signature Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SAML Assertion has invalid Signature

    I am passing a saml assertion of type HOK from client to web service. The body of the soap message is signed. At the web service side, I am getting this error

    Caused by: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1311)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveS amlAssertion(KeySelectorImpl.java:981)
    ... 36 more
    Caused by: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:508)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.vali date(DOMXMLSignature.java:232)
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1287)
    ... 37 more
    Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1169)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(K eySelectorImpl.java:256)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:500)
    ... 39 more
    Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.new SOAPFaultException(SOAPUtil.java:120)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:60)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironme ntImpl.validateCertificate(DefaultSecurityEnvironm entImpl.java:677)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1121)
    ... 41 more
    Caused by: com.sun.xml.wss.impl.callback.CertificateValidatio nCallback$CertificateValidationException: Could not create PKIX CertPathBuilder
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:652)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:58)
    ... 43 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors( PKIXParameters.java:183)
    at java.security.cert.PKIXParameters.<init>(PKIXParam eters.java:140)
    at java.security.cert.PKIXBuilderParameters.<init>(PK IXBuilderParameters.java:113)
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:647)

  • #2
    Originally posted by hello123 View Post
    I am passing a saml assertion of type HOK from client to web service. The body of the soap message is signed. At the web service side, I am getting this error

    Caused by: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1311)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveS amlAssertion(KeySelectorImpl.java:981)
    ... 36 more
    Caused by: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:508)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.vali date(DOMXMLSignature.java:232)
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1287)
    ... 37 more
    Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1169)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(K eySelectorImpl.java:256)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:500)
    ... 39 more
    Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.new SOAPFaultException(SOAPUtil.java:120)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:60)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironme ntImpl.validateCertificate(DefaultSecurityEnvironm entImpl.java:677)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1121)
    ... 41 more
    Caused by: com.sun.xml.wss.impl.callback.CertificateValidatio nCallback$CertificateValidationException: Could not create PKIX CertPathBuilder
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:652)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:58)
    ... 43 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors( PKIXParameters.java:183)
    at java.security.cert.PKIXParameters.<init>(PKIXParam eters.java:140)
    at java.security.cert.PKIXBuilderParameters.<init>(PK IXBuilderParameters.java:113)
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:647)



    Confirm that IIS is installed and running on your computer. For more information about installing and configuring IIS see Installing and Configuring IIS 7.0

    Create a new folder for your application files called "IISHostedCalcService", ensure that ASP.NET has access to the contents of the folder, and use the IIS management tool to create a new IIS application that is physically located in this application directory. When creating an alias for the application directory use "IISHostedCalc".

    Create a new file named "service.svc" in the application directory. Edit this file by adding the following @ServiceHost element.

    Comment


    • #3
      I am waiting for a reply. Please help

      Comment

      Working...
      X