Hi Jitendra,

I have used *CAS 5.3.5 as IdP* and SimpleSAMLPHP as SP; my SP service 
registry is just bare-bones and it still works. 
My metadata is also generated, so I don't think the CAS-generated IdP metadata 
is the problem.

Is it possible to have a look at your 
`mylocation/metadata/testsp_metadata.xml`? That might also be a place to 
look for a solution.

Cheers!
- Andy

On Friday, 30 November 2018 05:29:50 UTC+8, Jitendra wrote:
>
> Hi,
>
> The SAML Response generated by the CAS IdP is giving an error at the SP side 
> (SimpleSAMLphp): "Unable to validate Signature". 
>
> I already have a running application on CAS 3.5.2 with external integration 
> with a Shibboleth IdP, and now I am trying to integrate the new CAS 5.3.5 version 
> using the CAS IdP.
>
> Following are the SAML Responses generated by the IdP for both CAS 5.3.5 and CAS 
> 3.5.2 with the external Shibboleth IdP.
>
> *SAML Response - CAS 5.3.5*
>
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2p:Response Destination="https://localhost:9443/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
>     ID="_5811688302419932870"
>     InResponseTo="_2eaf2e28b5216f16033c9426d54214ab6388f7e81f"
>     IssueInstant="2018-11-29T21:01:43.318Z" Version="2.0"
>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>     <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/idp</saml2:Issuer>
>     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>             <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>             <ds:Reference URI="#_5811688302419932870">
>                 <ds:Transforms>
>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                 </ds:Transforms>
>                 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                 <ds:DigestValue>b7YffVN2OeWjVJwE+M7Ubu8Y8yuT7AJH0UyZCbSfifY=</ds:DigestValue>
>             </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>
> O9KIQejb18K/ME5x0sVfa3vuSJfPDxz5kDLWo6afmWip4LZzA3YNJf7v4e3Fb+9myw1aEPC3XP3b&#xd;
> As0WFTeVIzB2zzM7k7PxKQFpZyZ4sWR2gYcpj85AobJVYIJA9uv2CfTPaERE9w5hfU4Pkc/bJ4cb&#xd;
> 41oHsm6hLVRPZj1Tq68=
>         </ds:SignatureValue>
>         <ds:KeyInfo>
>             <ds:X509Data>
>                 <ds:X509Certificate>***** DELETED *****</ds:X509Certificate>
>             </ds:X509Data>
>         </ds:KeyInfo>
>     </ds:Signature>
>     <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>         <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>     </saml2p:Status>
>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>         <xenc:EncryptedData Id="_820da790be35c89c155513777cd62a67"
>             Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                 <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
>                     URI="#_a624d6692b8ac5cf1b149f831bd1aee4"/>
>             </ds:KeyInfo>
>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>             </xenc:CipherData>
>         </xenc:EncryptedData>
>         <xenc:EncryptedKey Id="_a624d6692b8ac5cf1b149f831bd1aee4"
>             Recipient="https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp"
>             xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>             </xenc:EncryptionMethod>
>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                 <xenc:CipherValue>***** DELETED *****</xenc:CipherValue>
>             </xenc:CipherData>
>             <xenc:ReferenceList>
>                 <xenc:DataReference URI="#_820da790be35c89c155513777cd62a67"/>
>             </xenc:ReferenceList>
>         </xenc:EncryptedKey>
>     </saml2:EncryptedAssertion>
> </saml2p:Response>
>
> *SAML Response - CAS 3.5.2 with external Shibboleth IdP*
>
> <saml2p:Response Destination="https://localhost/Shibboleth.sso/SAML2/POST"
>     ID="_2d92ed1015600c258406df9be22f95be"
>     InResponseTo="_3c79c509762462fa063e035b4ac9b6fa"
>     IssueInstant="2018-11-29T15:41:52.149Z" Version="2.0"
>     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>     <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>         xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost/idp/shibboleth</saml2:Issuer>
>     <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
>     <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>         <xenc:EncryptedData Id="_6d71ffd770ca214f19d05dd34c179bf7"
>             Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
>                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                 <xenc:EncryptedKey Id="_2062d09a80fbd4810e9e733fa0132d9f"
>                     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
>                             xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>                     </xenc:EncryptionMethod>
>                     <ds:KeyInfo>
>                         <ds:X509Data>
>                             <ds:X509Certificate>**** DELETED ****</ds:X509Certificate>
>                         </ds:X509Data>
>                     </ds:KeyInfo>
>                     <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                         <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>                     </xenc:CipherData>
>                 </xenc:EncryptedKey>
>             </ds:KeyInfo>
>             <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                 <xenc:CipherValue>**** DELETED ****</xenc:CipherValue>
>             </xenc:CipherData>
>         </xenc:EncryptedData>
>     </saml2:EncryptedAssertion>
> </saml2p:Response>
>
> And following is my SP Service Registry entry:
>
> {
>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>   "serviceId" : "https://localhost:9443/simplesaml/module.php/saml/sp/metadata.php/default-sp",
>   "name" : "SAMLService",
>   "id" : 10000003,
>   "evaluationOrder" : 10,
>   "metadataLocation" : "mylocation/metadata/testsp_metadata.xml",
>   "signAssertions": false,
>   "signResponses": true,
>   "encryptAssertions": true
> }
>
> Can anyone please help me find out what the issue is in my 
> configuration?
>
>
> TIA
> Jitendra
>
>
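
A small diagnostic for the failure in the quoted message, added here as an example (it is not code from CAS, SimpleSAMLphp or either poster): it parses a signed Response, checks that the Reference URI targets the Response's own ID and carries the enveloped-signature transform, and compares the certificate embedded in KeyInfo against the signing certificates in the IdP metadata the SP holds, which is where a mismatch commonly produces "Unable to validate Signature". The sample XML is constructed, the `&#xd;` line ends mirror the quoted SignatureValue, and the script does not perform the cryptographic verification itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol", "md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def b64_normalise(text):
    """Drop whitespace and CRs (the &#xd; entities in the quoted response) so certs compare by content."""
    return "".join((text or "").split())

def signing_certs_from_idp_metadata(metadata_xml):
    """Certificates an SP accepts for signature checks: IdP KeyDescriptors with use="signing" or no use."""
    root = ET.fromstring(metadata_xml)
    return {b64_normalise(c.text)
            for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS)
            if kd.get("use") in (None, "signing")
            for c in kd.findall(".//ds:X509Certificate", NS)}

def check_response_signature(response_xml, trusted_certs):
    """Structural checks on a signed saml2p:Response with one enveloped Reference (no crypto here)."""
    root = ET.fromstring(response_xml)
    sig = root.find("ds:Signature", NS)
    if sig is None: return {"signature_present": False}
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    transforms = {t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)}
    cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    embedded = b64_normalise(cert.text if cert is not None else "")
    return {
        "signature_present": True,
        # The Reference must cover the Response's own ID, otherwise the signature protects nothing useful.
        "reference_matches_id": ref.get("URI") == "#" + root.get("ID", ""),
        "enveloped_transform": "http://www.w3.org/2000/09/xmldsig#enveloped-signature" in transforms,
        "signature_method": sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm"),
        # A frequent reason an SP cannot validate: its stored IdP certificate is not the one used to sign.
        "cert_trusted_by_sp": bool(embedded) and embedded in trusted_certs,
    }
# Constructed samples, not the thread's data; SignedInfo mirrors the shape of the CAS 5.3.5 response.
SAMPLE_RESPONSE = """<saml2p:Response ID="_r1" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_r1"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></ds:Reference>
</ds:SignedInfo><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICfake&#xd;
cert==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml2p:Response>"""
SAMPLE_IDP_METADATA = """<md:EntityDescriptor entityID="https://localhost:8443/idp"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>MIICfakecert==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Run `check_response_signature` on the real Response with the certificates taken from the SP's copy of the CAS IdP metadata; a `cert_trusted_by_sp` of `False` means the SP is verifying against the wrong certificate regardless of what the Response looks like.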
