ERR_FAILED_TO_VERIFY_SIGNATURE
Hi,
I'm using version 2.7.1.
I'm trying to set up integration with a ForgeRock IdP. When I do the authentication request everything goes right. But when I have the response from the IdP I get the error "ERR_FAILED_TO_VERIFY_SIGNATURE".
My config for the SP is this:
{
  entityID: serviceProviderEntityID,
  wantLogoutRequestSigned: true,
  authnRequestsSigned: true,
  signingCert: certificate,
  privateKey: privateKey,
  generateID: () => '_' + uuid(),
  requestSignatureAlgorithm: Constants.algorithms.signature.RSA_SHA256,
  transformationAlgorithms: [
    'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
    'http://www.w3.org/2001/10/xml-exc-c14n#'
  ],
  assertionConsumerService: [{
    Binding: Constants.namespace.binding.post,
    Location: callbackUrl
  }],
  singleLogoutService: [{
    Binding: Constants.namespace.binding.post,
    Location: logoutCallbackUrl
  }],
  nameIDFormat: [Constants.namespace.format.transient],
  loginNameIDFormat: Constants.namespace.format.transient,
}
And for the IdP I have just imported the metadata in XML. I'm using the binding in post. What's the problem?
Thank you for the answer.
@frax93 Please send me a message on https://spectrum.chat/samlify, I will help you to get through the debugging process.
After this issue is fixed, we will update the ticket without exposing sensitive information later on.
https://github.com/authenio/react-samlify/tree/develop
I have tried to set up a local OpenAM; that's the simplest example with assertion signature. The setup flow will be added to the documentation later on.
@frax93 Any update for this issue?
I still have the same error when I parse the response.
I also get this error when trying to integrate with Layer7 SiteMinder. I'll contact you directly.
@frax93 Can you also send me the base64 encoded string of the SAML response?
I was able to fix my signature verification failures by locking xml-crypto to version v1.4.0.