SAML - consume assertion error

I have a SAML test page that used to work in ColdFusion. What I do is
handle the POSTed assertion and validate the signature based on the public key. In
Lucee it generates an error message in my log file as seen below:

Error occured trying to extract assertion data… The Reference for URI
#dcaff33285ac6a7aba31ed254627dfce has no XMLSignatureInput; ;
samlAssertionXML: PHNhbWx…

I added xmlsec.jar to Lucee which I also did on CF. Anyone experiencing the
same issue?

Regards //Stefan

We’ll need some code, I think, to be able to help. I’ve done some SAML2 work
so might have some clue. I imagine, however, that it’s not related to that.
Could you post the code that you’re using to process the incoming assertion
request with?

Dominic

I managed to solve the issue. I was using an incorrect attribute reference
since the SAML response signature was different to the assertion signature.
Case closed!

Would you mind sharing your fixed code? I’m running into the same issue.

What you need to do is find the correct signature. If the response is
signed with one reference as item(0):

    // "##" is the CFML escape for a literal "#" in the XML-DSig namespace URI
    signature = XMLSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig##","Signature").item(0), javacast("string",""));

The assertion would be signed with reference in item(1):

    signature = XMLSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig##","Signature").item(1), javacast("string",""));

My reference ID points to item(1), which is why I had to add that as the
signature value.
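
Added example, not part of the original thread: rather than relying on the item(0)/item(1) position, this Java code uses the same DOM calls to pick the Signature that is a direct child of the Assertion and whose Reference URI matches the Assertion's ID. The class name, method name and sample XML are constructed for illustration; the selected element would then be passed to the XMLSignature constructor as in the post above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AssertionSignatureSelector {   // hypothetical class name
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns the ds:Signature that is a direct child of the Assertion and whose
    // Reference URI is "#" + the Assertion's ID; throws if no such element exists.
    static Element findAssertionSignature(Document doc) {
        NodeList assertions = doc.getElementsByTagNameNS(SAML, "Assertion");
        if (assertions.getLength() != 1)
            throw new IllegalStateException("expected exactly one Assertion");
        Element assertion = (Element) assertions.item(0);
        String wanted = "#" + assertion.getAttribute("ID");
        NodeList sigs = doc.getElementsByTagNameNS(DS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            Element sig = (Element) sigs.item(i);
            if (!assertion.isSameNode(sig.getParentNode())) continue; // e.g. the Response signature
            NodeList refs = sig.getElementsByTagNameNS(DS, "Reference");
            if (refs.getLength() == 1
                    && wanted.equals(((Element) refs.item(0)).getAttribute("URI")))
                return sig;
        }
        throw new IllegalStateException("no Signature covers the Assertion");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: signed Response wrapping a signed Assertion (signature bodies trimmed).
        String xml =
            "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' ID='resp1'>"
          + "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo><ds:Reference URI='#resp1'/></ds:SignedInfo></ds:Signature>"
          + "<saml:Assertion xmlns:saml='" + SAML + "' ID='assert1'>"
          + "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo><ds:Reference URI='#assert1'/></ds:SignedInfo></ds:Signature>"
          + "</saml:Assertion></samlp:Response>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for getElementsByTagNameNS
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element sig = findAssertionSignature(doc);
        Element ref = (Element) sig.getElementsByTagNameNS(DS, "Reference").item(0);
        System.out.println("Selected signature references " + ref.getAttribute("URI"));
    }
}
```

Selecting by structure keeps working whether the identity provider signs only the Response, only the Assertion, or both, where a fixed index would pick a different element in each case.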
