Signature Exception?

classic Classic list List threaded Threaded
1 message Options
AJ
Reply | Threaded
Open this post in threaded view
|

Signature Exception?

AJ
Hi,

I'm completely new to SAML, and well security in general so please forgive my ignorance and anything stupid I say.

I am using OpenSAML to produce a SAML Authentication Request. I had originally written all my code to use a a key pair that I had generated locally using OpenSSL. Now the time has come to integrate with my client who has provided me a MetaData file. I modified my code to use the FilesystemMetadataProvider class to load the file and create the credential based on the X509 data. I am now using a BasicX509Credential object in place of the BasicCredential that I was using with my local keys that I had generated.

Everything seems to work fine until I execute the Signer.signObject( signature ); At runtime this is giving me an exception:

java.security.SignatureException: object not initialized for signature or verification

I've done piles of reading but I don't understand what the issue is. I'm not executing any validation (explicitly anyway) which seems to be one of the roots os this exception. I double checked my approach using this URL https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG and everything seems to be ok.

Can someone help me out?