Results 1 to 3 of 3

Thread: SAML Assertion has invalid Signature

  1. Apr 1st, 2011, 06:46 AM #1
    hello123
    hello123 is offline Junior Member
    Join Date
    Mar 2011
    Posts
    8

    Default SAML Assertion has invalid Signature

    I am passing a saml assertion of type HOK from client to web service. The body of the soap message is signed. At the web service side, I am getting this error

    Caused by: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1311)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveS amlAssertion(KeySelectorImpl.java:981)
    ... 36 more
    Caused by: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:508)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.vali date(DOMXMLSignature.java:232)
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1287)
    ... 37 more
    Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1169)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(K eySelectorImpl.java:256)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:500)
    ... 39 more
    Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.new SOAPFaultException(SOAPUtil.java:120)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:60)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironme ntImpl.validateCertificate(DefaultSecurityEnvironm entImpl.java:677)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1121)
    ... 41 more
    Caused by: com.sun.xml.wss.impl.callback.CertificateValidatio nCallback$CertificateValidationException: Could not create PKIX CertPathBuilder
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:652)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:58)
    ... 43 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors( PKIXParameters.java:183)
    at java.security.cert.PKIXParameters.<init>(PKIXParam eters.java:140)
    at java.security.cert.PKIXBuilderParameters.<init>(PK IXBuilderParameters.java:113)
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:647)
    Reply With Quote Reply With Quote
  2. Apr 1st, 2011, 07:08 AM #2
    jhndavid
    jhndavid is offline Junior Member
    Join Date
    Apr 2011
    Posts
    1

    Default

    Quote Originally Posted by hello123 View Post
    I am passing a saml assertion of type HOK from client to web service. The body of the soap message is signed. At the web service side, I am getting this error

    Caused by: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1311)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveS amlAssertion(KeySelectorImpl.java:981)
    ... 36 more
    Caused by: javax.xml.crypto.dsig.XMLSignatureException: cannot find validation key
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:508)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.vali date(DOMXMLSignature.java:232)
    at com.sun.xml.wss.impl.dsig.SignatureProcessor.verif ySignature(SignatureProcessor.java:1287)
    ... 37 more
    Caused by: javax.xml.crypto.KeySelectorException: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1169)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.select(K eySelectorImpl.java:256)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMS ignatureValue.validate(DOMXMLSignature.java:500)
    ... 39 more
    Caused by: com.sun.xml.wss.impl.WssSoapFaultException: Could not create PKIX CertPathBuilder
    at com.sun.xml.ws.security.opt.impl.util.SOAPUtil.new SOAPFaultException(SOAPUtil.java:120)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:60)
    at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironme ntImpl.validateCertificate(DefaultSecurityEnvironm entImpl.java:677)
    at com.sun.xml.wss.impl.dsig.KeySelectorImpl.resolveX 509Data(KeySelectorImpl.java:1121)
    ... 41 more
    Caused by: com.sun.xml.wss.impl.callback.CertificateValidatio nCallback$CertificateValidationException: Could not create PKIX CertPathBuilder
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:652)
    at com.sun.xml.wss.impl.callback.CertificateValidatio nCallback.getResult(CertificateValidationCallback. java:58)
    ... 43 more
    Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors( PKIXParameters.java:183)
    at java.security.cert.PKIXParameters.<init>(PKIXParam eters.java:140)
    at java.security.cert.PKIXBuilderParameters.<init>(PK IXBuilderParameters.java:113)
    at org.springframework.ws.soap.security.xwss.callback .KeyStoreCallbackHandler$KeyStoreCertificateValida tor.validate(KeyStoreCallbackHandler.java:647)



    Confirm that IIS is installed and running on your computer. For more information about installing and configuring IIS see Installing and Configuring IIS 7.0

    Create a new folder for your application files called "IISHostedCalcService", ensure that ASP.NET has access to the contents of the folder, and use the IIS management tool to create a new IIS application that is physically located in this application directory. When creating an alias for the application directory use "IISHostedCalc".

    Create a new file named "service.svc" in the application directory. Edit this file by adding the following @ServiceHost element.
    Wedding Planner
    Reply With Quote Reply With Quote
  3. Apr 5th, 2011, 03:23 AM #3
    hello123
    hello123 is offline Junior Member
    Join Date
    Mar 2011
    Posts
    8

    Default

    I am waiting for a reply. Please help
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules