RSA Federated Identity Manager (FIM) 4.1: 'Unable to verify the signature value' error when processing assertion
Originally Published: 2013-07-04
Article Number
000051856
Applies To
RSA Product Set: RSA Federated Identity Manager (FIM)
RSA Product/Service Type: RSA Federated Identity Manager (FIM)
RSA Version/Condition: 4.1
ComponentSpace SAML v2.0 Single Sign-On (SSO) Component for .NET
Issue
FIM 4.1 reports the error "Unable to verify the signature value" when processing an assertion.

Error message in system.out log
Unable to verify the signature value: SAMLSignedObject.verify() detected an invalid signature profile, com.rsa.fim.exception.CryptoUtilException: 
Unable to verify the signature value: SAMLSignedObject.verify() detected an invalid signature profile

 

Error message in debug.log
util.crypto.dsig.verify.error, com.rsa.fim.saml.InvalidCryptoException: SAMLSignedObject.verify() detected an invalid signature profile.

 
Cause
This error indicates that the partner is using an invalid transform in the XML signature block.
The SAML 2.x specification lists only three acceptable transforms. If a transform other than the listed ones is used, this error is generated.

5.4.4 Transforms

Signatures in SAML messages SHOULD NOT contain transforms other than the enveloped signature transform (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) or the exclusive canonicalization transforms (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# or http://www.w3.org/2001/10/xml-exc-c14n#WithComments).

 

Verifiers of signatures MAY reject signatures that contain other transform algorithms as invalid. 

Resolution
Contact the partner for an updated version of the software that uses the correct XML transform.
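
To identify the offending transform before contacting the partner, the following added example (not RSA or ComponentSpace code) lists every ds:Transform in a captured SAML message whose algorithm is outside the three identifiers quoted from section 5.4.4. The function name and the sample assertion are constructed for illustration; the script inspects the transform list only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# The three transform identifiers named in SAML 2.0 section 5.4.4 (quoted above).
ALLOWED = {
    DS + "enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}

# Constructed sample: an assertion whose signature reference adds inclusive
# Canonical XML 1.0 as a transform (digest and signature values omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:Reference URI="#_a1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </ds:Transforms>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
</saml:Assertion>"""

def disallowed_transforms(saml_xml):
    """Return (Reference URI, transform Algorithm) pairs not in the 5.4.4 list."""
    root = ET.fromstring(saml_xml)
    findings = []
    # Walk every signature reference, wherever the Signature sits in the message.
    for ref in root.iter(f"{{{DS}}}Reference"):
        for tr in ref.iter(f"{{{DS}}}Transform"):
            alg = tr.get("Algorithm", "")  # a missing attribute is reported as ""
            if alg not in ALLOWED:
                findings.append((ref.get("URI", ""), alg))
    return findings

if __name__ == "__main__":
    for uri, alg in disallowed_transforms(SAMPLE):
        print(f"Reference {uri!r} uses non-profile transform: {alg}")
```

An empty result means the transform list matches the profile, so the cause of the verification failure lies elsewhere.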