SAML configuration with F5 APM as an IdP: SSOv2 Authn Request requires signature verification
Hi all,
I guess I have to ask my first question here in DevCentral.
I am trying to configure SSO with a SAML IdP, where the Cornerstone system should be connected while using AD authentication on our side (later maybe SLO etc.). This means I want to use direct SP-initiated connections.
Process: the Cornerstone link is opened and redirects to our IdP (F5 APM), which authenticates the user; the SAML assertion should then be sent back to Cornerstone. The last step does not work.
In the tmm logs, I can see the following output and currently do not know how to proceed. Any ideas? (I will post more details; I have no clue what is relevant for solving this.)
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 SAML configuration: SAML_RES=&SAML_RES_LIST=&SAML_SSO=/Common/IDP_Internal_AD
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 POST, Authn Request body size: 2100
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 Authn Request size: 2076
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 Base64 decoded Authn Request size: 1537
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 REQ_ID: (37) _b7ab300f-cec1-4eff-a611-294c17308719
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 SAML_VERSION: (3) 2.0
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 ISSUE_INSTANT: (28) 2014-09-30T12:14:39.0622224Z
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 SAML_ACS_BINDING: (46) urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 ACS_URL: (59) https://x.csod.com/samldefault.aspx
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 ISSUER: (42) https://x.csod.com
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 XPATH_DIGEST_VALUE: (28) eXLbYIGJq3Qch1AGxr7u30B02js=
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 XPATH_SIGNATURE_VALUE: (172) abla60q5q+CR2ufsesKvxUffvFMVkL7Y6s5GvS2Jj3N7GpIPntw59w29YrV0lp4+2AnFofKqtMziRrn27uOf0cEvXQbdkV3vIjzD70aOoNscvVC6zoU+2ALlBJpi2KgMiP6yGBSkrVSI66GomGGQ5ZJ3nmDKp90g8pQgcKWB/BE=
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 NAME_ID_FORMAT: (53) urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 Using SSO config: /Common/IDP_Internal_AD with SP Connector: /Common/CornerStone_Pilot from ACCESS profile
Sep 30 14:14:39 KMLLB01 debug tmm1[15919]: 014d0002:7: 7c109e1f: SSOv2 Authn Request requires signature verification
Sep 30 14:14:39 KMLLB01 err tmm1[15919]: 014d0002:3: 7c109e1f: SSOv2 Error verifying SAML message signature - signature size (128 bytes) does not match SP certificate key size (256 bytes)
Sep 30 14:14:39 KMLLB01 err tmm1[15919]: 014d0002:3: 7c109e1f: SSOv2 Error(12) Signature verification failed for SAML Authentication Request
Thanks for any help!
Best regards, Felix
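
An added example, not part of the original post and not F5 code: a short Python check that re-derives the sizes in the error from the logged values themselves. The function name and regexes are hypothetical, the log lines are copied from the post with the timestamp and host prefix trimmed, and it assumes the request is RSA-signed, where the signature is exactly as long as the signer's modulus.

```python
import base64
import re

# Lines copied from the tmm log in the post (timestamp/host prefix trimmed).
SAMPLE_LOG = """\
014d0002:7: 7c109e1f: SSOv2 XPATH_DIGEST_VALUE: (28) eXLbYIGJq3Qch1AGxr7u30B02js=
014d0002:7: 7c109e1f: SSOv2 XPATH_SIGNATURE_VALUE: (172) abla60q5q+CR2ufsesKvxUffvFMVkL7Y6s5GvS2Jj3N7GpIPntw59w29YrV0lp4+2AnFofKqtMziRrn27uOf0cEvXQbdkV3vIjzD70aOoNscvVC6zoU+2ALlBJpi2KgMiP6yGBSkrVSI66GomGGQ5ZJ3nmDKp90g8pQgcKWB/BE=
014d0002:3: 7c109e1f: SSOv2 Error verifying SAML message signature - signature size (128 bytes) does not match SP certificate key size (256 bytes)
"""

# "NAME: (declared length) value" as printed by the SSOv2 debug lines.
FIELD_RE = re.compile(r"SSOv2 (XPATH_\w+): \((\d+)\) (\S+)")
ERROR_RE = re.compile(r"signature size \((\d+) bytes\) does not match "
                      r"SP certificate key size \((\d+) bytes\)")


def analyze(log_text):
    """Return byte sizes decoded from the log and the implied key sizes."""
    result = {}
    for name, declared, value in FIELD_RE.findall(log_text):
        # A mismatch here means the value was truncated or edited in the log.
        if int(declared) != len(value):
            raise ValueError(f"{name}: logged length {declared} != {len(value)}")
        result[name] = len(base64.b64decode(value, validate=True))
    match = ERROR_RE.search(log_text)
    if match:
        result["reported_sig_bytes"] = int(match.group(1))
        result["cert_key_bytes"] = int(match.group(2))
    sig_bytes = result.get("XPATH_SIGNATURE_VALUE")
    if sig_bytes is not None:
        # Assumption: RSA signature, so signature length == modulus length.
        result["signing_key_bits"] = sig_bytes * 8
        if "cert_key_bytes" in result:
            result["cert_key_bits"] = result["cert_key_bytes"] * 8
            result["key_mismatch"] = sig_bytes != result["cert_key_bytes"]
    return result


if __name__ == "__main__":
    for key, val in analyze(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

The logged signature decodes to 128 bytes, which under the RSA assumption means a 1024-bit signing key, while the certificate attached to the SP connector carries a 2048-bit key, so that certificate cannot correspond to the key that signed this request.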