Hi,
I can get SAML login to work without encrypting my assertion (the SAML Response from the IdP), but it fails when I try to encrypt it. I get the following error from the service provider:
"The assertion is not signed correctly - Unable to evaluate key against signature"
This is my code —

Getting an assertion:
    assertion = AssertionBuilderFactory.create(elementNaming, issuerAssertation, now, idLength,
            authnStatement, conditions, subject, signature, attributeStatement);

Signing it:
    SignatureBuilderFactory.signAssetation(assertion, signature);

    // Key-encryption credential: the SP's public certificate
    Credential keyEncryptionCredential = SignAssertion.getCredentialFromFilePath("sp.crt");

    // Data encryption parameters: AES-128 for the assertion content
    EncryptionParameters encParams = new EncryptionParameters();
    encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);

    // Key-encryption parameters: wrap the AES key with the SP's RSA key (OAEP)
    KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
    kekParams.setEncryptionCredential(keyEncryptionCredential);
    kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
    KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
            .getKeyInfoGeneratorManager().getDefaultManager().getFactory(keyEncryptionCredential);
    kekParams.setKeyInfoGenerator(kigf.newInstance());

    // Encrypt the signed assertion; EncryptedKey is placed as a sibling of EncryptedData
    Encrypter samlEncrypter = new Encrypter(encParams, kekParams);
    samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
    encryptedAssertion = samlEncrypter.encrypt(assertion);
    System.out.println("encryptedAssertion" + encryptedAssertion);

    // Build the Response around the encrypted assertion
    samlResponse = ResponseBuilderFactory.create(elementNaming, destination, now, statusSuccess,
            issuerResponse, encryptedAssertion, idLength, inResponseTo);

In the create function I am doing:
    response.getEncryptedAssertions().add(assertation);
Could you please help me out? I have been scratching my head over this for the past week :(
Thanks in anticipation!
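The sign, encrypt, then wrap-in-Response sequence the post describes, written out end to end as an added example (editor's code, not the poster's and not an OpenSAML sample), together with the SP-side check a practitioner wants to run before blaming the service provider: decrypt with the SP key and validate the assertion signature against the IdP certificate. It assumes OpenSAML 2.x (the org.opensaml.* packages the post uses), two placeholder PKCS#12 stores idp.p12 and sp.p12 with password "changeit" and aliases "idp" and "sp"; the class name SignThenEncrypt and the helper names are made up for illustration.

```java
// Added example, not the poster's code: sign an Assertion, encrypt the signed DOM,
// place it in a Response, then decrypt and validate the way an SP would.
// Assumptions (placeholders): OpenSAML 2.x on the classpath; "idp.p12" holds the IdP
// signing key (alias "idp"), "sp.p12" the SP decryption key (alias "sp"), password "changeit".
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.UUID;

import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.validation.ValidationException;

public final class SignThenEncrypt {

    /** Load key pair plus certificate from a PKCS#12 store into an OpenSAML credential. */
    static BasicX509Credential loadCredential(String path, char[] pw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        BasicX509Credential cred = new BasicX509Credential();
        cred.setEntityCertificate(cert);
        cred.setPublicKey(cert.getPublicKey());
        cred.setPrivateKey((PrivateKey) ks.getKey(alias, pw));
        return cred;
    }

    /** Attach a Signature, marshall the assertion to DOM, then sign that DOM. */
    static void signAssertion(Assertion assertion, Credential idpCred) throws Exception {
        Signature sig = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        sig.setSigningCredential(idpCred);
        sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(idpCred);
        sig.setKeyInfo(kigf.newInstance().generate(idpCred));
        assertion.setSignature(sig);
        // Marshalling produces the element the signature value is computed over;
        // Signer.signObject needs that DOM to exist already.
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(sig);
    }

    /** Encrypt the signed assertion. The Encrypter uses the assertion's existing DOM
     *  (it only marshalls when there is none), so the signature above is what gets encrypted. */
    static EncryptedAssertion encryptAssertion(Assertion signed, Credential spPublic) throws Exception {
        EncryptionParameters encParams = new EncryptionParameters();
        encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(spPublic);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(spPublic);
        kekParams.setKeyInfoGenerator(kigf.newInstance());
        Encrypter enc = new Encrypter(encParams, kekParams);
        enc.setKeyPlacement(Encrypter.KeyPlacement.PEER); // EncryptedKey as sibling of EncryptedData
        return enc.encrypt(signed);
    }

    /** SP side: decrypt with the SP private key, then validate the signature against the IdP cert. */
    static boolean decryptAndVerify(EncryptedAssertion ea, Credential spPrivate, Credential idpPublic)
            throws Exception {
        Decrypter dec = new Decrypter(null, new StaticKeyInfoCredentialResolver(spPrivate),
                new EncryptedElementTypeEncryptedKeyResolver()); // pairs with KeyPlacement.PEER
        dec.setRootInNewDocument(true); // decrypted element owns its document, so "#ID" references resolve
        Assertion a = dec.decrypt(ea);
        if (a.getSignature() == null) {
            return false; // an unsigned assertion must be rejected, not silently accepted
        }
        try {
            new SAMLSignatureProfileValidator().validate(a.getSignature()); // structural checks first
            new SignatureValidator(idpPublic).validate(a.getSignature());   // then the cryptographic check
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        Credential idp = loadCredential("idp.p12", "changeit".toCharArray(), "idp");
        Credential sp = loadCredential("sp.p12", "changeit".toCharArray(), "sp");
        Assertion assertion = (Assertion) Configuration.getBuilderFactory()
                .getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_" + UUID.randomUUID()); // placeholder; real code also sets Issuer, Subject, Conditions
        signAssertion(assertion, idp);
        EncryptedAssertion ea = encryptAssertion(assertion, sp);
        Response response = (Response) Configuration.getBuilderFactory()
                .getBuilder(Response.DEFAULT_ELEMENT_NAME).buildObject(Response.DEFAULT_ELEMENT_NAME);
        response.getEncryptedAssertions().add(ea); // same placement as in the post's create function
        System.out.println("SP-side decrypt and verify: " + decryptAndVerify(ea, sp, idp));
    }
}
```

Two details carry the signature intact through encryption: the assertion is marshalled before Signer.signObject and not marshalled again afterwards, so the Encrypter works on the same DOM the signature value was computed over. On the SP side, the EncryptedKey resolver has to match the KeyPlacement the IdP used (INLINE would pair with InlineEncryptedKeyResolver instead), and setRootInNewDocument(true) lets the signature's ID reference resolve after decryption; running decryptAndVerify locally separates "the assertion was not signed correctly" from "the SP could not find the key to check it with".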