000023367 - ACS exception that occurs when signing is used along with POST and Redirect bindings

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000023367
Applies To: RSA Federated Identity Manager (FIM) 3.1.1
RSA Federated Identity Manager (FIM) 3.1
BEA WebLogic 8.1
IBM WebSphere 6.0
Issue: ACS exception that occurs when signing is used along with POST and Redirect bindings
In Signing Policy, still want Auth Responses Signed
Missing Destination not handled in SAML Response

Unable to process the Response message, com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message


Stack trace in debug.log

2007-04-11 22:56:08,156, (SSOHelper.java:585), SAML20-19, , , , Unable to process the Response message, com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1325)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1128)

                at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:100)

                at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

                at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1077)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)

                at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:7047)

                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

                at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)

                at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3902)

                at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2773)

                at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)

                at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

Caused by: com.rsa.fim.exception.ProfileException: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.verifySignature(ProfileHelper.java:1607)

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1320)

                ... 15 more

 

com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1325)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1128)

                at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:100)

                at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

                at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1077)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)

                at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:7047)

                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

                at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)

                at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3902)

                at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2773)

                at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)

                at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

Caused by: com.rsa.fim.exception.ProfileException: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.verifySignature(ProfileHelper.java:1607)

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1320)

                ... 15 more

2007-04-11 22:56:08,171, (AssertionConsumerService.java:71), SAML20-19, , , , A ProfileException was encountered, com.rsa.fim.profile.sso.SSOProfileException: Exception encountered at the top-level of the profile bean: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.sso.SSOHelper.handleThrowable(SSOHelper.java:592)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1506)

                at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:100)

                at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

                at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1077)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)

                at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:7047)

                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

                at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)

                at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3902)

                at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2773)

                at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)

                at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

Caused by: com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1325)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1128)

                ... 14 more

Caused by: com.rsa.fim.exception.ProfileException: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.verifySignature(ProfileHelper.java:1607)

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1320)

                ... 15 more

 

com.rsa.fim.profile.sso.SSOProfileException: Exception encountered at the top-level of the profile bean: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.sso.SSOHelper.handleThrowable(SSOHelper.java:592)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1506)

                at com.rsa.fim.profile.sso.SSOProfile_5wyj3w_EOImpl.processResponse(SSOProfile_5wyj3w_EOImpl.java:100)

                at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:64)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

                at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1077)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)

                at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)

                at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:7047)

                at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

                at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)

                at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3902)

                at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2773)

                at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)

                at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

Caused by: com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1325)

                at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:1128)

                ... 14 more

Caused by: com.rsa.fim.exception.ProfileException: The policy requires the message be signed, but received an unsigned message

                at com.rsa.fim.profile.util.ProfileHelper.verifySignature(ProfileHelper.java:1607)

                at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1320)

                ... 15 more

2007-04-11 22:56:08,171, (AssertionConsumerService.java:86), SAML20-19, , , , Exiting : AssertionConsumerService.doGet() : returning void

Resolution

Please contact RSA Technical Support to obtain hotfix #123.

Legacy Article ID: a34520
