Security

Verification of SAML assertion using the IDP's certificate provided failed. Error: failed to verify signature with cert

lguplusIdaas
New Member

My SAML Response to Splunk:

 

<?xml version="1.0" encoding="UTF-8" standalone="no"?><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://RTNB336:8000/saml/acs" ID="_4c16f9be1c813c774f2f9111fd5602f6" InResponseTo="RTNB336.21.0882C4AC-681F-4648-AD0F-FDD9F4BE114B" IssueInstant="2024-06-20T01:56:14.199Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://hive.dreamidaas.com</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_4c16f9be1c813c774f2f9111fd5602f6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>Wjlp0IBLeluYep7QMphL/ZBkVsDqxbrFcgSDFiFxQBo=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Y0Lp7OR2BWIie+F60hJUhNdOLKhWlXnjLyD0Y7Ut1lPIYfL9uoClcQA98Ge961M7FjrC/uDA8yxGYKvApU4VOYzy7kLM0wbxFKUVXAuPAl5of0WWrMV8QMSWfCq8/ensPzlzsqg84tf86UgMZ2PodD6WOM9SIIW+izBPOP3emuv2c+UrvR2eyp1s+ItWn0AUB+0R0l+iqd+sNE/Gb+l9THlJYm68yLr2DY0nT66dOLKS3Q3jnMox6xrzsSnwaF6+H+dSnvd5YeBIMyjTC1bF6GjQpdudTNz8162TvtJjvAcTUOwhUmLyY4ytTvL+lHKOsDh57wZenvB4gVYzoF6T+A==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDtDCCApygAwIBAgIKJxHdhEoMRRD/JjANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJLUjEW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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_93ae10442348482eb51b04051c58267a" IssueInstant="2024-06-20T01:56:14.199Z" 
Version="2.0"><saml2:Issuer>http://hive.dreamidaas.com</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="http://hive.dreamidaas.com" SPNameQualifier="RTNB336">rladnrud@devdreamsso.site</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="RTNB336.21.0882C4AC-681F-4648-AD0F-FDD9F4BE114B" NotOnOrAfter="2024-06-20T02:01:14.199Z" Recipient="http://RTNB336:8000/saml/acs"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2024-06-20T01:56:14.199Z" NotOnOrAfter="2024-06-20T02:01:14.199Z"><saml2:AudienceRestriction><saml2:Audience>RTNB336</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2024-06-20T01:55:52.000Z" SessionIndex="_8028c81d727dcc5a423afa58c645b8c5"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></samlp:Response>

 

There's no problem in my IdP. I don't know why Splunk can't verify the signature properly.
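Added example, not part of the original post and not Splunk's or the IdP's code: a first check for this error is which element the signature covers (in the response above, the `Reference URI` points at the Response `ID`) and whether the certificate embedded in the response is the one the service provider was configured with. The sample response, the PEM, and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed sample: placeholder IDs and certificate bytes, not the poster's data.
CERT_B64 = base64.b64encode(b"constructed placeholder certificate bytes").decode()
PEM = f"-----BEGIN CERTIFICATE-----\n{CERT_B64}\n-----END CERTIFICATE-----\n"
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="{DS}" ID="_resp1">
<ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_resp1"/></ds:SignedInfo>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CERT_B64}</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></ds:Signature>
<saml2:Assertion ID="_assert1"/></samlp:Response>"""


def der_sha256(b64_text):
    """SHA-256 of the DER bytes behind a base64 body (whitespace ignored)."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()


def pem_sha256(pem_text):
    """Fingerprint of a PEM certificate, e.g. the IdP cert file given to the SP."""
    body = [ln for ln in pem_text.splitlines() if ln and not ln.startswith("-----")]
    return der_sha256("".join(body))


def inspect_saml_signature(xml_text, configured_pem):
    """For each ds:Signature: what it covers and whether its cert is the configured one."""
    root = ET.fromstring(xml_text)
    ids = {el.get("ID"): el.tag.split("}")[-1] for el in root.iter() if el.get("ID")}
    expected, report = pem_sha256(configured_pem), []
    for sig in root.iter(f"{{{DS}}}Signature"):
        info = sig.find("ds:SignedInfo", NS)
        uri = info.find("ds:Reference", NS).get("URI", "")
        cert = sig.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
        fp = der_sha256(cert) if cert.strip() else None
        report.append({
            "covers": ids.get(uri[1:]) if uri.startswith("#") else None,
            "algorithm": info.find("ds:SignatureMethod", NS).get("Algorithm"),
            "embedded_cert_sha256": fp,
            "matches_configured_cert": fp == expected,
        })
    signed = {r["covers"] for r in report}
    return report, sorted(set(ids.values()) - signed)  # second item: unsigned elements
```

A fingerprint mismatch means the service provider holds a different certificate than the one the IdP signed with; a match means the failure lies elsewhere, for example in how the signed bytes reached the verifier.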
