I have looked at many questions including https://stackoverflow.com/a/25384924/1317559. I have the IdP metadata and certificate, but can't seem to get Spring to see it.
- Added the certificate to the keystore: `keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file certificate.crt`
- In the metadata there are multiple certificates (2 different ones) and a SignatureValue.
- I tried to add the signature value with the same keytool command, but it is not a certificate.
- I tried to add the 2 certificates found in the metadata also.
I enabled the debug log and this is what I get:
- Successfully verified signature using KeyInfo-derived credential
- Attempting to establish trust of KeyInfo-derived credential
- Supplied trusted names are null or empty, skipping name evaluation
- Attempting PKIX path validation on untrusted credential: [subjectName='O=novell,OU=accessManager,CN=test-signing']
- PKIX path construction failed for untrusted credential: [subjectName='O=novell,OU=accessManager,CN=test-signing']: unable to find valid certification path to requested target
- Signature trust could not be established via PKIX validation of signing credential
- Failed to establish trust of KeyInfo-derived credential
- Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
- PKIX validation of signature failed, unable to resolve valid and trusted signing key
- Signature trust establishment failed for metadata entry http://idp.ppd.com/nidp/saml2/metadata
- Error filtering metadata from http://idp.ppd.com/nidp/saml2/metadata org.opensaml.saml2.metadata.provider.FilterException: Signature trust establishment failed for metadata entry at org.opensaml.saml2.metadata.provider.SignatureValidationFilter.verifySignature(SignatureValidationFilter.java:312)
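The "PKIX path construction failed" line means the metadata signing certificate (CN=test-signing) was not among the trust anchors the filter was given. In the Spring Security SAML extension those anchors come from the keystore behind the `KeyManager`, restricted to the aliases listed in `metadataTrustedKeys` (all keystore entries when that set is left null), so the alias used in the keytool import must be the one named there. The following Java configuration is an added example, not code from the question or from the project; keystore path, passwords, the SP alias and the metadata URL are placeholder assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;

import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.ParserPool;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;

public class IdpMetadataConfig {

    // Assumed values: keystore location, passwords, SP alias and IdP URL are placeholders.
    private static final String KEYSTORE = "classpath:/saml/samlKeystore.jks";
    private static final String STORE_PASS = "changeit";
    private static final String SP_KEY_ALIAS = "sp-signing";
    private static final String IDP_METADATA_URL = "https://idp.example.org/nidp/saml2/metadata";

    // Keystore holding the SP key pair plus the IdP signing certificate imported with keytool.
    public KeyManager keyManager() {
        Resource store = new DefaultResourceLoader().getResource(KEYSTORE);
        Map<String, String> keyPasswords = new HashMap<>();
        keyPasswords.put(SP_KEY_ALIAS, STORE_PASS);
        return new JKSKeyManager(store, STORE_PASS, keyPasswords, SP_KEY_ALIAS);
    }

    // Metadata provider whose signature is checked against the keystore entry "adfssigning".
    public ExtendedMetadataDelegate idpMetadata(HttpClient httpClient, ParserPool parserPool)
            throws MetadataProviderException {
        HTTPMetadataProvider provider =
                new HTTPMetadataProvider(new Timer(true), httpClient, IDP_METADATA_URL);
        provider.setParserPool(parserPool);
        ExtendedMetadataDelegate delegate =
                new ExtendedMetadataDelegate(provider, new ExtendedMetadata());
        delegate.setMetadataRequireSignature(true);   // reject unsigned metadata
        delegate.setMetadataTrustCheck(true);         // run the PKIX trust check seen in the log
        // Only these keystore aliases serve as PKIX trust anchors; the alias must match the
        // one given to keytool -importcert. Leaving the set null uses every keystore entry.
        delegate.setMetadataTrustedKeys(Collections.singleton("adfssigning"));
        return delegate;
    }
}
```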