ERROR: QuerySignatureUtil.verify: Null SigAlg query parameter.
libSAML2:07/05/2018 06:38:12:713 PM EDT: Thread[http-bio-127.0.0.1- 8443-exec-3,5,main]: TransactionId[c6d8f6a3-a9e1- 4820-a30b-38350fc47d11-51806]
ERROR: UtilProxySAMLAuthenticator. authenticate: authn request verification failed.
com.sun.identity.saml2.common. SAML2Exception: Missing signature algorithm.
When coding make sure following.
Create your AuthN request making sure that when you create the signature to combine all 3 parameter elements and then sign it:
String authnrequest = "SAMLRequest=" + encodedRequestMessage
+ "&RelayState=" + URLEncoder.encode(relayURL, "UTF-8")
+ "&SigAlg=" + URLEncoder.encode(sigAlg, "UTF-8");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
signature.update(authnrequest.getBytes(Charset.forName("UTF-8")));
byte[] signatureByteArray = signature.sign();
String signatureBase64encodedString = Base64.encodeBytes(signatureByteArray, Base64.DONT_BREAK_LINES);
return idpUrlREDIRECT + "?"
+ authnrequest
+ "&Signature="
+ URLEncoder.encode(signatureBase64encodedString, "UTF-8");
The resulting AuthN request should look something like the following:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="http://localhost:8084/DBAuthentication/samllogin"
Destination="https://ssoidp.lb.com:443/openam/SSORedirect/metaAlias/idp"
ID="ckimokpjjjongadnnkfbophokmmhdfhilckkknac"
IssueInstant="2018-09-05T15:15:48.936Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="http://localhost:8084/DBAuth/sp"
Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8084/DBAuth/sp</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
String authnrequest = "SAMLRequest=" + encodedRequestMessage
+ "&RelayState=" + URLEncoder.encode(relayURL, "UTF-8")
+ "&SigAlg=" + URLEncoder.encode(sigAlg, "UTF-8");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
signature.update(authnrequest.getBytes(Charset.forName("UTF-8")));
byte[] signatureByteArray = signature.sign();
String signatureBase64encodedString = Base64.encodeBytes(signatureByteArray, Base64.DONT_BREAK_LINES);
return idpUrlREDIRECT + "?"
+ authnrequest
+ "&Signature="
+ URLEncoder.encode(signatureBase64encodedString, "UTF-8");
The resulting AuthN request should look something like the following:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="http://localhost:8084/DBAuthentication/samllogin"
Destination="https://ssoidp.lb.com:443/openam/SSORedirect/metaAlias/idp"
ID="ckimokpjjjongadnnkfbophokmmhdfhilckkknac"
IssueInstant="2018-09-05T15:15:48.936Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="http://localhost:8084/DBAuth/sp"
Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8084/DBAuth/sp</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
No comments:
Post a Comment