error processing incoming assertion: Message was signed, but signature could not be verified.

Pavan Kishore Vuppada pavankishore.vuppada at broadcom.com
Thu Jul 2 11:10:53 UTC 2020


Hi,

I have configured Siteminder as IDP & Shibboleth as SP.
I am trying to sign and encrypt the assertion. On the Shibboleth side, it is not able to verify the signature. But if we individually either sign or encrypt the assertion, it works fine without any problems.
The error in the logs is very generic (Error - error processing incoming assertion: Message was signed, but signature could not be verified).
Is there a way to know what exactly has caused the failure? I have enabled DEBUG logging, but there is not much info there. Can we check the part of the XML / signature which is causing the problem?

Following are the logs from Shibboleth:
----------------------------------------------------
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2POST [1] [default]: decoded SAML message:
<ns5:Response xmlns:ns5="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="http://www.w3.org/2009/xmlenc11#" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" Destination="http://lodibl209bvm099.ihy.broadcom.net/Shibboleth.sso/SAML2/POST" ID="_81609d03ea4c9463f70231fc9c0a5a760cc2" InResponseTo="_7f8822faa9a9d434327b021d4fff8eac" IssueInstant="2020-07-02T11:02:57.203Z" Version="2.0">

    <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">Siteminder_IDP</ns2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_81609d03ea4c9463f70231fc9c0a5a760cc2"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>eEqGBMQtvNzJ0xflGstvdxsAiZYXhbt/egEMo508xgY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>DygyEM8lIL6qBDt85vjkMFz8D4960kN4WHcIZ+lsYBIl32wTeJxSidwX0p9Ouv/L5U6zDEisU+lZNrrax0CeHaI63t0/AzXAHxvLR9xCWV66GD1oiJKPrziGWbdTlsPQj7ZZ3iJVmngpw7wkFaVAdEVhKH+orlCM2MRVQlQcodB+nr8Xhkjbq+PBetXtHjSndrulwOQ+0PzdiZK+MhN9gMtqJLBJ19r2wevoD0G3hhyU/NCSNm+D8MabtoeEceOezTAooumEMiELyPOG5TiAiVv0PXYxd7ueJxarLNrH4CR/cBi53NMA35rKt4Q67J92skLeo36t3R1uzBvHKLxutQ==</ds:SignatureValue><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>

    <ns5:Status>

        <ns5:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

    </ns5:Status>

    

<ns2:EncryptedAssertion xmlns="http://www.w3.org/2009/xmlenc11#" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" xmlns:ns5="urn:oasis:names:tc:SAML:2.0:protocol"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></ns2:EncryptedAssertion></ns5:Response>
2020-07-02 16:32:46 DEBUG XMLTooling.Signature [1] [default]: unmarshalling ds:Signature
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2 [1] [default]: extracting issuer from SAML 2.0 protocol message
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2 [1] [default]: message from (Siteminder_IDP)
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2 [1] [default]: searching metadata for message issuer...
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2 [1] [default]: recovered request/response correlation value (_7f8822faa9a9d434327b021d4fff8eac)
2020-07-02 16:32:46 WARN OpenSAML.SecurityPolicyRule.NullSecurity [1] [default]: security enforced using NULL policy rule, be sure you know what you're doing
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1] [default]: evaluating message flow policy (correlation off, replay checking on, expiration 60)
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1] [default]: ignoring InResponseTo, correlation checking is disabled
2020-07-02 16:32:46 DEBUG XMLTooling.StorageService [1] [default]: inserted record (_81609d03ea4c9463f70231fc9c0a5a760cc2) in context (MessageFlow) with expiration (1593688017)
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: validating signature profile
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: attempting to validate signature with the peer's credentials
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: signature validated with credential
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: signature verified against message issuer
2020-07-02 16:32:46 DEBUG Shibboleth.SSO.SAML2 [1] [default]: processing message against SAML 2.0 SSO profile
2020-07-02 16:32:46 DEBUG XMLTooling.CredentialCriteria [1] [default]: usage didn't match (4 != 3)
2020-07-02 16:32:46 DEBUG XMLTooling.CredentialCriteria [1] [default]: key algorithm didn't match ('AES' != 'RSA')
2020-07-02 16:32:46 DEBUG XMLTooling.CredentialCriteria [1] [default]: usage didn't match (4 != 3)
2020-07-02 16:32:46 DEBUG XMLTooling.Signature [1] [default]: unmarshalling ds:Signature
2020-07-02 16:32:46 DEBUG Shibboleth.SSO.SAML2 [1] [default]: decrypted Assertion: <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_9a168d9265bfad77b45f2810be849283a7fe" IssueInstant="2020-07-02T11:02:57.203Z" Version="2.0">
        <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">Siteminder_IDP</ns2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_9a168d9265bfad77b45f2810be849283a7fe"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>wBetOLXN8LRAyPMnfWIo0iGyFVrmznScYaFgjycNTxM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>jTCbtd012+jT2W7bkfhV9thM0jnUbQcKgD1Oi7BoIN1FoGN6kMYiR7lhPO1LzUYhTP+ZFRp6G7JgTDEx6+2e33tQ8XSZKza7oAFyYmhuZ6p5VZJAl0BAWVX244Wj8n72zZWLBOsAqYxL68vOXrRghVHhIJjMGCDMa7ZUiqV19vtiJgc9Sb45vhxOgKZ7A6jfRKkA2OhzjSZveHfGJx9I5KUWjlIMiwJApFa5reC83cJEzHnj63tMMayC/OLCw5Rz37Iecl3tl6eMZ/VjL0HsGtJbUJU6RCDt6/hFQaHd60un8LZD5se7h7Z1wSUkZnp8QXSC+c1a44cuki7C6Y2nvA==</ds:SignatureValue><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
        <ns2:Subject>
            <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user1</ns2:NameID>
            <ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <ns2:SubjectConfirmationData InResponseTo="_7f8822faa9a9d434327b021d4fff8eac" NotOnOrAfter="2020-07-02T11:04:27.203Z" Recipient="http://lodibl209bvm099.ihy.broadcom.net/Shibboleth.sso/SAML2/POST"/>
            </ns2:SubjectConfirmation>
        </ns2:Subject>
        <ns2:Conditions NotBefore="2020-07-02T11:02:27.202Z" NotOnOrAfter="2020-07-02T11:04:27.203Z">
            <ns2:AudienceRestriction>
                <ns2:Audience>http://lodibl209bvm099.ihy.broadcom.net/shibboleth</ns2:Audience>
            </ns2:AudienceRestriction>
        </ns2:Conditions>
        <ns2:AuthnStatement AuthnInstant="2020-07-02T11:02:57.198Z" SessionIndex="+wHtwoH06GG6cRqcZn2cQf4L5WM=MQpEGw==" SessionNotOnOrAfter="2020-07-02T11:04:27.198Z">
            <ns2:AuthnContext>
                <ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
            </ns2:AuthnContext>
        </ns2:AuthnStatement>
    </ns2:Assertion>
2020-07-02 16:32:46 DEBUG Shibboleth.SSO.SAML2 [1] [default]: extracting issuer from SAML 2.0 assertion
2020-07-02 16:32:46 WARN OpenSAML.SecurityPolicyRule.NullSecurity [1] [default]: security enforced using NULL policy rule, be sure you know what you're doing
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1] [default]: evaluating message flow policy (correlation off, replay checking on, expiration 60)
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1] [default]: ignoring InResponseTo, correlation checking is disabled
2020-07-02 16:32:46 DEBUG XMLTooling.StorageService [1] [default]: inserted record (_9a168d9265bfad77b45f2810be849283a7fe) in context (MessageFlow) with expiration (1593688017)
2020-07-02 16:32:46 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: validating signature profile
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: attempting to validate signature with the peer's credentials
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: public key did not validate signature: Digital signature does not validate with the supplied key.
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: no peer credentials validated the signature
2020-07-02 16:32:46 WARN OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: unable to verify message signature with supplied trust engine
2020-07-02 16:32:46 WARN Shibboleth.SSO.SAML2 [1] [default]: detected a problem with assertion: Message was signed, but signature could not be verified.
2020-07-02 16:32:46 WARN Shibboleth.SSO.SAML2 [1] [default]: error processing incoming assertion: Message was signed, but signature could not be verified.


Thanks,
Pavan.
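
An added example, not part of the original post and not Shibboleth code: a small log triage script that pairs each trust-engine verdict in the SP's DEBUG log with the ID and element type of the object being checked, so it is clear which of the two signatures failed. The function name `signature_outcomes` is hypothetical, and the sample lines are abridged from the log above.

```python
import re

# Lines abridged from the log in the post above; XML start tags are shortened.
SAMPLE_LOG = '''\
2020-07-02 16:32:46 DEBUG OpenSAML.MessageDecoder.SAML2POST [1] [default]: decoded SAML message:
<ns5:Response xmlns:ns5="urn:oasis:names:tc:SAML:2.0:protocol" ID="_81609d03ea4c9463f70231fc9c0a5a760cc2" Version="2.0">
2020-07-02 16:32:46 DEBUG XMLTooling.StorageService [1] [default]: inserted record (_81609d03ea4c9463f70231fc9c0a5a760cc2) in context (MessageFlow) with expiration (1593688017)
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: signature validated with credential
2020-07-02 16:32:46 DEBUG Shibboleth.SSO.SAML2 [1] [default]: decrypted Assertion: <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_9a168d9265bfad77b45f2810be849283a7fe" Version="2.0">
2020-07-02 16:32:46 DEBUG XMLTooling.StorageService [1] [default]: inserted record (_9a168d9265bfad77b45f2810be849283a7fe) in context (MessageFlow) with expiration (1593688017)
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: public key did not validate signature: Digital signature does not validate with the supplied key.
2020-07-02 16:32:46 DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: no peer credentials validated the signature
'''

ELEMENT = re.compile(r'<(?:\w+:)?(Response|Assertion)\b[^>]*?\bID="([^"]+)"')
RECORD = re.compile(r'inserted record \(([^)]+)\) in context \(MessageFlow\)')
ENGINE = re.compile(r'XMLTooling\.TrustEngine\.\w+ \[\d+\] \[[^\]]*\]: (.*)$')

def signature_outcomes(log_text):
    """Return (element, message_id, outcome, reason) per trust-engine verdict.

    Assumption: as in the posted log, the MessageFlow rule records the ID of
    the object under evaluation before the XMLSigning rule validates it.
    """
    kinds = {mid: kind for kind, mid in ELEMENT.findall(log_text)}
    current, reason, out = None, None, []
    for line in log_text.splitlines():
        rec = RECORD.search(line)
        if rec:
            current, reason = rec.group(1), None
            continue
        eng = ENGINE.search(line)
        if not eng:
            continue  # dumped XML and other categories
        msg = eng.group(1)
        if msg.startswith("signature validated"):
            out.append((kinds.get(current, "unknown"), current, "validated", None))
        elif "did not validate signature:" in msg:
            reason = msg.split(":", 1)[1].strip()
        elif msg.startswith("no peer credentials validated"):
            out.append((kinds.get(current, "unknown"), current, "failed", reason))
    return out

if __name__ == "__main__":
    for element, mid, outcome, reason in signature_outcomes(SAMPLE_LOG):
        print(f"{element:9} {mid}  {outcome}" + (f"  ({reason})" if reason else ""))
```

On the sample lines it reports the Response signature as validated and the signature inside the decrypted Assertion as failed, which is the order of events in the posted log.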