Getting this exception when testing SAML SSO with Shibboleth: SAML_SSO: The signature does not meet the requirements indicated by the SAML profile of the XML signature

0
Getting this exception when testing SAML SSO with Shibboleth: SAML_SSO: The signature does not meet the requirements indicated by the SAML profile of the XML signature

Logs:

2019-03-04T16:12:47.934529 [APP/PROC/WEB/0]   WARNING - SAML_SSO: The signature does not meet the requirements indicated by the SAML profile of the XML signature
2019-03-04T16:12:47.934577 [APP/PROC/WEB/0]   WARNING - SAML_SSO: org.opensaml.xml.validation.ValidationException: SignableSAMLObject does not have a cached DOM Element.
2019-03-04T16:12:47.934663 [APP/PROC/WEB/0]       at org.opensaml.security.SAMLSignatureProfileValidator.validateReferenceURI(SAMLSignatureProfileValidator.java:146)
2019-03-04T16:12:47.934697 [APP/PROC/WEB/0]       at org.opensaml.security.SAMLSignatureProfileValidator.validateSignatureImpl(SAMLSignatureProfileValidator.java:84)
2019-03-04T16:12:47.934728 [APP/PROC/WEB/0]       at org.opensaml.security.SAMLSignatureProfileValidator.validate(SAMLSignatureProfileValidator.java:56)
2019-03-04T16:12:47.934767 [APP/PROC/WEB/0]       at saml20.implementation.wrapper.MxSAMLObject.verifySignature(MxSAMLObject.java:115)
2019-03-04T16:12:47.934824 [APP/PROC/WEB/0]       at saml20.implementation.wrapper.MxSAMLResponse.validateResponse(MxSAMLResponse.java:81)
2019-03-04T16:12:47.934831 [APP/PROC/WEB/0]       at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:60)
2019-03-04T16:12:47.934880 [APP/PROC/WEB/0]       at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:33)
2019-03-04T16:12:47.934917 [APP/PROC/WEB/0]       at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:167)

2019-03-04T16:12:48.113274 [APP/PROC/WEB/0]   ERROR - SAML_SSO: Unable to validate Response, see SAMLRequest overview for detailed response.
Error: org.opensaml.xml.validation.ValidationException: The response is not signed correctly ID:[_d9021e4889f72c30b99bce2e27237c93]
2019-03-04T16:12:48.113299 [APP/PROC/WEB/0]   ERROR - SAML_SSO: org.opensaml.common.SAMLException: org.opensaml.xml.validation.ValidationException: The response is not signed correctly ID:[_d9021e4889f72c30b99bce2e27237c93]
2019-03-04T16:12:48.113304 [APP/PROC/WEB/0]       at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:175)
2019-03-04T16:12:48.113307 [APP/PROC/WEB/0]       at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:33)
2019-03-04T16:12:48.113309 [APP/PROC/WEB/0]       at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:167)
asked
3 answers
1

Hi Abhijit,

I'm not familiar with Shibboleth, but are you sure you have exported the IdP metadata from your identity provider and imported it into the Mendix application? Thereby it should take the right signature value.

answered
0

There are some excellent validation tools available online. What do these say about the message your Shibboleth generated?

answered
0

To bypass this error, I had to disable assertion encryption.

answered
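The stack trace in the question fails in SAMLSignatureProfileValidator.validateReferenceURI, which enforces the SAML 2.0 signature profile. As an added example (not from this thread and not the Mendix SAML module's code), the script below checks a captured Response for the profile's structural rules: exactly one Reference, a URI that is empty or points at the signed element's own ID, and only enveloped-signature or exclusive-c14n transforms. It also counts EncryptedAssertion elements. The function names and the sample message are constructed for illustration, and the script inspects structure only; it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}
# Constructed sample: the Response signature references an ID that is not its parent's.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#_other"><ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
 <saml:EncryptedAssertion/>
</samlp:Response>"""

def profile_problems(signed_el):
    """Return SAML signature-profile violations for one Response/Assertion element."""
    sig = signed_el.find("ds:Signature", NS)
    if sig is None:
        return ["not signed"]
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return [f"expected exactly 1 Reference, found {len(refs)}"]
    problems = []
    uri = refs[0].get("URI", "")
    # The Reference must be empty or a same-document pointer to the signed element.
    if uri not in ("", "#" + signed_el.get("ID", "")):
        problems.append(f"Reference URI {uri!r} does not point at parent ID")
    for t in refs[0].findall("ds:Transforms/ds:Transform", NS):
        if t.get("Algorithm") not in ALLOWED_TRANSFORMS:
            problems.append(f"transform not allowed: {t.get('Algorithm')}")
    return problems

def inspect_response(xml_text):
    """Summarise signature structure of a Response and its plaintext assertions."""
    root = ET.fromstring(xml_text)
    return {
        "Response": profile_problems(root),
        "assertions": [profile_problems(a) for a in root.findall("saml:Assertion", NS)],
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```

An assertion that arrives inside EncryptedAssertion cannot be checked this way until it has been decrypted, so a non-zero `encrypted_assertions` count means any assertion-level signature is not visible to this script.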