
SAML protocol message was not signed skipping XML signature processing

Former Member
0 Kudos

Hi all, we are implementing single sign-on for Backoffice. We are able to go to the IdP page, and once we log in on the IdP page and come back to the Backoffice page, we see an HTTP-401 Authentication failed message. Please let us know if anyone has faced this issue and what the resolution would be.

And in our logs we could see the below message: SAML protocol message was not signed, skipping XML signature processing

Accepted Solutions (0)

Answers (2)

0 Kudos

Hi ,

I am also facing a similar error. Can anyone help me here?

After successful identity verification from IDP, control comes to "https://localhost:9002/samlsinglesignon/saml/SSO" with

HTTP Status 401 – Unauthorized

0 Kudos

Hi

"SAML protocol message was not signed skipping XML signature processing" is just a warning that is shown by the SP when only the assertion is signed by the "encryption" certificate in the SAML response. You can remove this warning by signing the entire SAML message by the certificate.

This is not the main issue which is giving 401. Instead, the real issue is the signature mismatch possibly due to the difference between the signing certificates - one that is present with the SAML assertion vs the other in the keystore of the SP. This mismatch is causing the 401 as the SAML assertion is not able to authenticate itself against the SP trusted CA. To troubleshoot this -

  1. Carefully observe the java keystore and check if it contains the signing certificate. This is very important.

  2. Check the SAML response if it contains the exact certificate. You can use http://phpseclib.sourceforge.net/x509/decoder.php to decode the certificates and verify

This should solve your problem. If it does not, then:

  1. Take out the signing certificate from the SAML response.

  2. Delete the earlier certificate and import the certificate obtained from the above step into the keystore.

  3. Try accessing the SP again.

Hope this helps.
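The certificate comparison described in the answer above can be done offline. The following is an added example, not part of the original answer or of SAP Commerce: it takes the base64 `SAMLResponse` form value posted to `/saml/SSO` and a PEM certificate exported from the keystore (for instance with `keytool -exportcert -rfc`), reports whether the message and the assertion are signed, and compares SHA-256 fingerprints. The function names and sample values are hypothetical, and the code only compares certificates; it does not validate the signature.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: placeholder bytes stand in for a DER certificate (not a real cert).
_FAKE_DER = b"constructed-placeholder-certificate"
_B64 = base64.b64encode(_FAKE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_RESPONSE = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion><ds:Signature>'
    f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_B64}</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>'
).encode()).decode()

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as colon-separated upper-case hex, the layout keytool prints."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and whitespace, then decode to DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body)

def inspect_response(saml_response_b64: str, trusted_pem: str) -> dict:
    """Report which elements carry a signature and whether an embedded cert is the trusted one."""
    # Diagnostic use on a response you captured yourself; this is not a signature check.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find(f"{SAML}Assertion")
    embedded = {
        fingerprint(base64.b64decode("".join(node.text.split())))
        for node in root.iter(f"{DS}X509Certificate") if node.text
    }
    trusted = fingerprint(pem_to_der(trusted_pem))
    return {
        "message_signed": root.find(f"{DS}Signature") is not None,
        "assertion_signed": assertion is not None and assertion.find(f"{DS}Signature") is not None,
        "embedded_fingerprints": sorted(embedded),
        "trusted_fingerprint": trusted,
        "certificate_match": trusted in embedded,
    }
```

A result with `message_signed` false and `assertion_signed` true corresponds to the warning in the log, while `certificate_match` false points to the keystore mismatch the answer describes.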

Former Member
0 Kudos

I compared both the response certificate and the certificate which we used; both are the same, and we imported that certificate to the samlKeystore.jks file in the ext-integration\samlsinglesignon\web\webroot\WEB-INF\security directory, but we could still see the error. Can you let us know if you have any other thoughts?

0 Kudos

Hi Vikrant,

I am implementing SAML SSO in SAP Commerce Backoffice.

Once control comes back to SAP Commerce after successful authentication from the IdP, I am getting the below error in SAP Commerce:

"https://localhost:9002/samlsinglesignon/saml/SSO"

HTTP Status 401 – Unauthorized


console log:

INFO [hybrisHTTP38] [SAMLProtocolMessageXMLSignatureSecurityPolicyRule] SAML protocol message was not signed, skipping XML signature processing

No error in console logs.

Regards,

Siddharth