Signature Validation Failed for the SAML Assertion in Wso2IS

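I have enabled SSO on the WSO2 ESB page, and it used to work fine, but since then we have changed the certificates in IS and ESB. Now, when trying to log in to ESB through IS, I get: Signature Validation Failed for the SAML Assertion : Signature is invalid. I have also added the ESB and IS certificates to the wso2is and wso2esb keystores. The error still persists.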

2015-05-28 09:59:17,281 log_level=WARN  thread=http-nio-9443-exec-24 logger=org.apache.xml.security.signature.XMLSignature [Signature verification failed.]
2015-05-28 09:59:17,281 log_level=WARN  thread=http-nio-9443-exec-24 logger=org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil [Signature Validation Failed for the SAML Assertion : Signature is invalid.]
2015-05-28 09:59:17,281 log_level=DEBUG thread=http-nio-9443-exec-24 logger=org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil [org.wso2.carbon.identity.base.IdentityException: Signature Validation Failed for the SAML Assertion : Signature is invalid.]
2015-05-28 09:59:17,281 log_level=WARN  thread=http-nio-9443-exec-24 logger=org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor [Signature validation for Authentication Request failed.]
2015-05-28 09:59:33,747 log_level=DEBUG thread=pool-29-thread-1 logger=org.wso2.carbon.identity.application.authentication.framework.store.SessionCleanUpService [Start running the Session Data cleanup task.]
2015-05-28 09:59:33,759 log_level=DEBUG thread=pool-29-thread-1 logger=org.wso2.carbon.identity.application.authentication.framework.store.SessionCleanUpService [Stop running the Session Data cleanup task.]

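If you have changed the keystores of both WSO2IS and WSO2ESB, you need to export the certificate of the WSO2IS primary keystore and import it into the WSO2ESB primary keystore. Then you need to specify the alias name used to import the certificate into the WSO2ESB primary keystore. This must be configured in the /repository/conf/security/authenticators.xml file, under the following property: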

<Parameter name="IdPCertAlias">wso2carbon</Parameter>
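
An added diagnostic example (not part of the original answer and not WSO2 code): it reads the IdPCertAlias value from authenticators.xml content and checks whether the certificate embedded in a SAML message has the same SHA-256 fingerprint as the PEM certificate stored under that alias, which is the mismatch left behind by a certificate change. The function names are hypothetical, and the Authenticator wrapper, the SAML message and the certificate bytes are constructed sample data; it assumes the message carries a ds:X509Certificate element.

```python
import base64, hashlib, ssl
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def idp_cert_alias(authenticators_xml):
    """Return the IdPCertAlias value from authenticators.xml content, or None."""
    for el in ET.fromstring(authenticators_xml).iter():
        # Compare local names so the lookup works with or without a default namespace.
        if el.tag.rsplit("}", 1)[-1] == "Parameter" and el.get("name") == "IdPCertAlias":
            return (el.text or "").strip()
    return None

def embedded_fingerprints(saml_xml):
    """SHA-256 fingerprints of every ds:X509Certificate carried in a SAML message."""
    prints = []
    for el in ET.fromstring(saml_xml).iter(DS + "X509Certificate"):
        der = base64.b64decode("".join((el.text or "").split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def pem_fingerprint(pem):
    """SHA-256 fingerprint of a PEM certificate (e.g. keytool -exportcert -rfc output)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def signer_matches_trusted(saml_xml, trusted_pem):
    """True if the message was signed with the certificate stored under the alias.
    Diagnostic only: the embedded certificate is sender-controlled data and must
    never be used as the trust anchor for signature verification."""
    return pem_fingerprint(trusted_pem) in embedded_fingerprints(saml_xml)

# --- constructed sample data (stand-in bytes, not real certificates) ---
OLD_DER, NEW_DER = b"constructed-old-IS-cert", b"constructed-new-IS-cert"
STALE_PEM = ssl.DER_cert_to_PEM_cert(OLD_DER)    # what the ESB keystore still holds
CURRENT_PEM = ssl.DER_cert_to_PEM_cert(NEW_DER)  # exported from the new IS keystore
AUTHENTICATORS_XML = """<Authenticators><Authenticator name="SAML2SSOAuthenticator">
<Config><Parameter name="IdPCertAlias">wso2carbon</Parameter></Config>
</Authenticator></Authenticators>"""
SAML_MESSAGE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
    "<ds:X509Data><ds:X509Certificate>" + base64.b64encode(NEW_DER).decode() +
    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>")

if __name__ == "__main__":
    print("alias:", idp_cert_alias(AUTHENTICATORS_XML))
    print("stale keystore entry matches:", signer_matches_trusted(SAML_MESSAGE, STALE_PEM))
    print("re-imported entry matches:", signer_matches_trusted(SAML_MESSAGE, CURRENT_PEM))
```

A False result for the certificate currently stored under the configured alias means the keystore entry predates the certificate change and has to be re-imported.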