My Oracle Support Banner

Oracle Access Manager 12c (OAM 12.2.1.3.0) Federation Flow Results in Blank Page Service Provider (SP) Logs Shows "Signature did not validate against the credential's key" (Doc ID 2427762.1)

Last updated on JULY 27, 2018

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager 12c (OAM 12.2.1.3.0) Federation Flow Results in Blank Page Service Provider (SP) Logs Shows "Signature did not validate against the credential's key"

{WARN ][10:17:27,171-89171][[ACTIVE] ExecuteThread: '58' for queue: 'weblogic.kernel.Default (self-tuning)'][-] org.apache.xml.security.signature.XMLSignature >> Signature verification failed.  
[ERROR][10:17:27,171-89171][[ACTIVE] ExecuteThread: '58' for queue: 'weblogic.kernel.Default (self-tuning)'][-] com.sungard.cs.sso.util.SamlUtils >> Signature did not validate against the credential's key  
org.opensaml.xml.validation.ValidationException: Signature did not validate against the credential's key
at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
at com.sungard.cs.sso.util.SamlUtils.verifySignature(SamlUtils.java:830)

Flow

  • SP partners sends authentication request to IDP which is OAM
  • OAM completest Kerbrose based authenticate and sets OAM and Federation specific cookies
  • OAM Sends SAMLResponse to application
  • Able to decode SAML response and and can see its contents
  • From OAM side authentication flow appears to be correct
  • On SP end SP is throwing error “Signature did not validate against the credential's key”

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.