000014606 - RSA FIM error: The public key present in the message did not match the public key present in the trusted keystore.

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000014606
Applies To: RSA Federated Identity Manager (FIM) 4.1
Issue: RSA FIM error: The public key present in the message did not match the public key present in the trusted keystore.
The following error appears in the debug.log file:
2014-06-19 11:28:25,597, (DSigHelper.java:548), TWFIM220V, , , , util.crypto.dsig.verify.error, java.lang.RuntimeException: Error code is not found: The public key present in the message did not match the public key present in the trusted keystore.
Cause: This error occurs when the end-entity certificate used to sign the assertion is not the same as the one in the JKS truststore.
Resolution: Compare the certificate in the assertion with the one in the JKS store. The signing certificate is often included in the assertion itself.
Cut and paste the data between the X509Certificate tags into a text file and name the file certificate.cer. Opening the file in Windows will show the certificate data.
        <KeyInfo>
            <X509Data>
                <X509IssuerSerial>
                    <X509IssuerName>CN=WS Enterprise CA1, DC=WS, DC=WSFGRP, DC=NET</X509IssuerName>
                    <X509SerialNumber>82469454475971740607926</X509SerialNumber>
                </X509IssuerSerial>
                <X509Certificate>
                {cert data}
                </X509Certificate>
            </X509Data>
        </KeyInfo>
 
The certificate should match what is stored in the JKS store. Use the following command to list the contents of the JKS store:
keytool -list -v -keystore truststore.jks
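As an added example (not part of the RSA article), the following Python script automates the comparison described above: it pulls the X509Certificate value out of a KeyInfo block, writes it in PEM form (the certificate.cer file the article describes), and checks its SHA1 fingerprint against the fingerprints printed by `keytool -list -v`. The KeyInfo sample and keytool listings are constructed, and the certificate bytes are a placeholder standing in for real DER data.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET


def extract_x509_der(keyinfo_xml):
    """Return the DER bytes of the first X509Certificate element in a KeyInfo block."""
    root = ET.fromstring(keyinfo_xml)
    for el in root.iter():
        # accept the bare tags shown in the article as well as ds:-prefixed ones
        if el.tag.rsplit("}", 1)[-1] == "X509Certificate" and el.text:
            return base64.b64decode("".join(el.text.split()))
    raise ValueError("no X509Certificate element in KeyInfo")


def to_pem(der):
    """Wrap DER bytes as a PEM certificate, the form to save as certificate.cer."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case digest, the format keytool displays."""
    hexdigest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def keytool_fingerprints(listing, algo="SHA1"):
    """Collect every '<algo>: AA:BB:...' fingerprint from `keytool -list -v` output."""
    pat = re.compile(r"^\s*" + algo + r":\s*((?:[0-9A-F]{2}:)+[0-9A-F]{2})\s*$", re.M)
    return set(pat.findall(listing))


def assertion_cert_in_truststore(keyinfo_xml, listing):
    """True when the assertion's signing certificate is one of the trusted entries."""
    return fingerprint(extract_x509_der(keyinfo_xml)) in keytool_fingerprints(listing)


# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_KEYINFO = """<KeyInfo><X509Data>
  <X509IssuerSerial>
    <X509IssuerName>CN=WS Enterprise CA1, DC=WS, DC=WSFGRP, DC=NET</X509IssuerName>
    <X509SerialNumber>82469454475971740607926</X509SerialNumber>
  </X509IssuerSerial>
  <X509Certificate>%s</X509Certificate>
</X509Data></KeyInfo>""" % base64.encodebytes(SAMPLE_DER).decode("ascii")

# Constructed `keytool -list -v` excerpts: one lists the assertion's certificate, one does not.
LISTING_TEMPLATE = "Alias name: idp-signing\nEntry type: trustedCertEntry\nCertificate fingerprints:\n\t SHA1: %s\n"
MATCHING_LISTING = LISTING_TEMPLATE % fingerprint(SAMPLE_DER)
STALE_LISTING = LISTING_TEMPLATE % ("00:" * 19 + "00")

if __name__ == "__main__":
    print(to_pem(extract_x509_der(SAMPLE_KEYINFO)), end="")
    print("trusted:", assertion_cert_in_truststore(SAMPLE_KEYINFO, MATCHING_LISTING))
    print("trusted:", assertion_cert_in_truststore(SAMPLE_KEYINFO, STALE_LISTING))
```

Point extract_x509_der at the KeyInfo block copied from the failing assertion and keytool_fingerprints at the saved output of the keytool command above; a False result means the IdP signs with a certificate the truststore does not contain.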
Legacy Article ID: a66504
