Validation of protocol message signature failed
Cantor, Scott
cantor.2 at osu.edu
Mon Apr 7 11:27:07 EDT 2014
On 4/7/14, 11:14 AM, "Vince Johnson" <vince.walsh at qvc.com> wrote:
> I am getting an error that has been reported before. Sorry for the
>repeat. I have some issue with configuration that I cannot identify. I
>have checked the signing certificate and it appears to match between SP
>metadata (attached to the relying-party.xml) and the Authn HTTP Request.
Well, it doesn't match. Sorry, there's not much else to be said. The log
shows it validating the actual signature with the key from the message,
but it's falling into the PKIX engine, so it's not finding the key in the
metadata to prevent that step.
>I have tried
>different formats of the SP Metadata X509 Certificate (No Line Feed /
>Carriage Returns, Line Feed Only, Line Feed & Carriage Return) and the
>SignatureValue.
Well, you can't do that to the signature, but the metadata itself doesn't
really care much, the base64 decoder generally will handle any of those.
-- Scott
More information about the users
mailing list