[OpenAM] HTTP Status 500 - Single Sign On failed - Issuer in Response in invalid.

Bon Capuyan
Hi All,

I am trying to do a Service Provider SSO Federation test but keep getting this error: HTTP Status 500 - Single Sign On failed.
======================
Here is the SAML trace result:
======================

  <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" />
        </samlp:StatusCode>
        <samlp:StatusMessage>The AuthnRequest could not be validated</samlp:StatusMessage>
    </samlp:Status>
</samlp:Response>
===================================
From the debug.out file I'm getting the following:
===================================

libSAML2:04/22/2014 01:55:28:699 AM EDT: Thread[http-8080-5,5,main]
ERROR: spAssertionConsumer.jsp: SSO failed.
com.sun.identity.saml2.common.SAML2Exception: Issuer in Response is invalid.
    at com.sun.identity.saml2.common.SAML2Utils.verifyResponse(SAML2Utils.java:399)
    at com.sun.identity.saml2.profile.SPACSUtils.processResponse(SPACSUtils.java:1053)
    at org.apache.jsp.saml2.jsp.spAssertionConsumer_jsp._jspService(spAssertionConsumer_jsp.java:224)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:98)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)


Any Ideas?

Much Appreciated

Bon Capuyan


_______________________________________________
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Re: [OpenAM] HTTP Status 500 - Single Sign On failed - Issuer in Response in invalid.

Sarris Overbosch
Think this line tells it all:

com.sun.identity.saml2.common.SAML2Exception: Issuer in Response is invalid

The issuer seems not to be part of the COT, did you configure a COT?


Re: HTTP Status 500 - Single Sign On failed - Issuer in Response in invalid.

Peter Major
In reply to this post by Bon Capuyan
Check your CoTs and hosted/remote metadata. The remote entity ID MUST be
the same as the Issuer sent in the AuthnRequest.

cheers,
Peter
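
The check suggested in the replies, as an added example that is not part of the original thread and is not OpenAM code: it reads the remote IdP metadata, extracts the Issuer and status chain from a captured Response, and reports whether the Issuer exactly matches a trusted entity ID. The entity IDs, the sample Response and the function names are constructed for illustration; it is a diagnostic for captured traces and does not validate signatures.

```python
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample data: entity IDs and response are invented for illustration.
REMOTE_IDP_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.com/openam"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>')
RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Issuer>https://idp.example.com/openam/</saml:Issuer><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>'
    '</samlp:StatusCode><samlp:StatusMessage>The AuthnRequest could not be '
    'validated</samlp:StatusMessage></samlp:Status></samlp:Response>')


def entity_ids(*metadata_docs):
    """Collect entityID values from EntityDescriptor/EntitiesDescriptor XML."""
    ids = set()
    for doc in metadata_docs:
        for ed in ET.fromstring(doc).iter(MD + "EntityDescriptor"):
            ids.add(ed.get("entityID"))
    return ids


def diagnose(response_xml, trusted_ids):
    """Compare the Response Issuer with the trusted remote entity IDs."""
    root = ET.fromstring(response_xml)
    issuer_el = root.find(A + "Issuer")  # direct child only, not Assertion/Issuer
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    norm = lambda s: s.rstrip("/").lower()
    return {
        "issuer": issuer,
        "trusted": issuer in trusted_ids,  # entity IDs are compared exactly
        "near_miss": sorted(t for t in trusted_ids  # differs only by case or a trailing slash
                            if issuer and t != issuer and norm(t) == norm(issuer)),
        "status": [sc.get("Value").rsplit(":", 1)[-1] for sc in root.iter(P + "StatusCode")],
        "message": root.findtext(P + "Status/" + P + "StatusMessage"),
    }


if __name__ == "__main__":
    print(diagnose(RESPONSE, entity_ids(REMOTE_IDP_METADATA)))
```

A non-empty `near_miss` list points at a trailing slash or case difference between the Issuer on the wire and the entity ID imported into the circle of trust.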
