Unable to encrypt and sign an assertion


Unable to encrypt and sign an assertion

sudhanshussingh14
Hi,

I can get SAML login to work without encrypting my assertion (SAML Response from IDP). But it fails when I try to encrypt it. I get the following error from the service provider:

"The assertion is not signed correctly - Unable to evaluate key against signature"

This is my code:

Getting an assertion:

    assertion = AssertionBuilderFactory.create(elementNaming,
            issuerAssertation, now, idLength, authnStatement, conditions,
            subject, signature, attributeStatement);

Signing it:

    SignatureBuilderFactory.signAssetation(assertion, signature);

    Credential keyEncryptionCredential = SignAssertion.getCredentialFromFilePath("sp.crt");
    EncryptionParameters encParams = new EncryptionParameters();
    encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(keyEncryptionCredential);
    kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    KeyInfoGeneratorFactory kigf = Configuration
            .getGlobalSecurityConfiguration()
            .getKeyInfoGeneratorManager().getDefaultManager()
            .getFactory(keyEncryptionCredential);
    kekParams.setKeyInfoGenerator(kigf.newInstance());
    Encrypter samlEncrypter = new Encrypter(encParams, kekParams);
    samlEncrypter.setKeyPlacement(KeyPlacement.PEER);

    encryptedAssertion = samlEncrypter.encrypt(assertion);
    System.out.println("encryptedAssertion" + encryptedAssertion);

    samlResponse = ResponseBuilderFactory.create(elementNaming,
            destination, now, statusSuccess, issuerResponse,
            encryptedAssertion, idLength, inResponseTo);

In the create function I am doing:

    response.getEncryptedAssertions().add(assertation);

Could you please help me out? I have been scratching my head over this for the past week :(

Thanks in anticipation!


Re: Unable to encrypt and sign an assertion

sudhanshussingh14
I just noticed that the SAML assertion does not have a <ds:Signature> element in it. This could possibly be the issue. I am not sure how to fix that.

I am already doing this:

    try {
        Configuration.getMarshallerFactory().getMarshaller(assertion)
                .marshall(assertion);
        Signer.signObject(signature);
    } catch (MarshallingException e) {
        log.error("MarshallingException : " + e);
    } catch (SignatureException e) {
        log.error("SignatureException : " + e);
    }

Could you please let me know how to fix that?

Thanks!
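One way to order the attach/marshal/sign/encrypt steps from both posts, with a check on the IdP side that the signature actually exists and verifies before the assertion is encrypted, is shown below. This is an added example and not the poster's code. It targets the OpenSAML 2.x API the posted snippets use (SecurityHelper.prepareSignatureParams needs 2.4 or later) and assumes the caller has already built the Assertion and loaded two credentials: idpSigningCred (IdP private key plus certificate) and spEncryptionCred (the SP certificate, as the poster loads from sp.crt). The poster's AssertionBuilderFactory, SignatureBuilderFactory and SignAssertion helpers are not used here, so whatever they do internally is not reflected.

```java
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;

/**
 * Sign-then-encrypt for a SAML 2.0 Assertion with OpenSAML 2.x (added example).
 * Assumed, not from the thread: DefaultBootstrap.bootstrap() has already run, the Assertion
 * is fully populated, and the two credentials were loaded by the caller.
 */
public class SignThenEncrypt {

    /** Attach a Signature, marshal, sign, then verify locally before the assertion goes anywhere. */
    public static Signature signAssertion(Assertion assertion, Credential idpSigningCred)
            throws SecurityException, MarshallingException, SignatureException, ValidationException {
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(idpSigningCred);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Fills in KeyInfo (the IdP certificate) from the global security configuration.
        SecurityHelper.prepareSignatureParams(signature, idpSigningCred, null, null);

        // Order matters: the Signature is attached before marshalling, because marshalling is
        // what emits the <ds:Signature> element and its Reference to the assertion ID;
        // Signer.signObject then computes DigestValue and SignatureValue into that same DOM.
        assertion.setSignature(signature);
        Element dom = Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);

        // Check on the sending side: exactly one <ds:Signature> must be present, and it must
        // verify against the IdP's own public key. Failing here is far cheaper than failing at the SP.
        int count = dom.getElementsByTagNameNS(SignatureConstants.XMLSIG_NS, "Signature").getLength();
        if (count != 1) {
            throw new IllegalStateException("expected one ds:Signature in the assertion, found " + count);
        }
        new SignatureValidator(idpSigningCred).validate(signature);
        return signature;
    }

    /** Encrypt the already-signed assertion for the SP; call this with no assertion setters in between. */
    public static EncryptedAssertion encryptForSp(Assertion signedAssertion, Credential spEncryptionCred)
            throws EncryptionException {
        // Any setter on the assertion after signing releases its cached DOM. A later re-marshal
        // builds a fresh element tree in which the SignatureValue computed by Signer is gone,
        // which an SP reports as the assertion not being signed correctly. Refuse to continue.
        if (signedAssertion.getDOM() == null) {
            throw new IllegalStateException("assertion DOM was released after signing; sign it again");
        }
        EncryptionParameters encParams = new EncryptionParameters();
        encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(spEncryptionCred);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(spEncryptionCred);
        kekParams.setKeyInfoGenerator(kigf.newInstance());
        Encrypter encrypter = new Encrypter(encParams, kekParams);
        encrypter.setKeyPlacement(KeyPlacement.PEER);
        // Encrypter reuses the cached DOM when one exists, so the signature verified above is
        // what ends up inside the EncryptedData, and the SP sees the signed bytes after decryption.
        return encrypter.encrypt(signedAssertion);
    }
}
```

Usage: call signAssertion(assertion, idpSigningCred) first, then encryptForSp(assertion, spEncryptionCred), and add the returned EncryptedAssertion to the Response with response.getEncryptedAssertions().add(...) as the poster already does. The local SignatureValidator check plus the getDOM() null test are the two points at which a missing or invalidated <ds:Signature> is caught on the IdP side; if either trips, something between setSignature and encrypt touched the assertion (or the signing credential has no private key), and that is where to look.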