SAML Verification Failure
In case Pega operates as a service consumer, an authentication method must be provided while performing service calls. Since we don't have any IdP at the moment, we've implemented and integrated a custom feature for generating such a SAML assertion in Pega, based on the OpenSAML 2.0 library. Unfortunately we have been struggling for weeks now with a SAML verification failure that occurs sporadically in the production environment: during testing, one out of every 10 attempts results in the error.
Interestingly, with the same test data we got the error the first time, but the verification succeeded on the second attempt.
And we could not reproduce the issue in our development environment.
It seems that the digest value has been changed after signing, but we could not track down how it could have been changed.
The error message is as follows:
[4/10/18 07:00:01:627 CEST] 0000890a WSSConsumer E CWWSS5514E: An exception while processing WS-Security message: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5620E: Signature verification failed: Core validity=false Signed info validity=false Signed info message='SignatureValue mismatched.'(validity=false message='Digest value mismatch: calculated: UdGB3Q6IDgrJUOfqMpJqZHI3pe3g9ajiFF5k4cff4pk=' uri='#7d869230-82c6-4b06-84b4-d1abb229b44f' type='null').
[4/10/18 07:00:03:904 CEST] 0000f89d WSSConsumer E CWWSS5514E: An exception while processing WS-Security message: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS5620E: Signature verification failed: Core validity=false Signed info validity=false Signed info message='SignatureValue mismatched.'(validity=false message='Digest value mismatch: calculated: yGwW/D4cnRFXBkTOo2cUgSN0O5l4LDuZbUiV1Jb9RQU=' uri='#a0ce26aa-1a80-4865-9c12-59fda128de90' type='null').
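A triage sketch for the CWWSS5620E lines above, added here as an example and not part of the original post: it pulls the reference URI and the receiver-calculated digest out of each failure and compares them with the DigestValue the signing side recorded when it signed. The `triage` function, the `SIGNED` map and its values are assumptions for illustration (the post does not show what the signer wrote); the log lines are abbreviated from the post.

```python
import base64
import re

# Fields of the CWWSS5620E detail shown in the post.
FAILURE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]{8})\s+WSSConsumer\s+E\s+.*?"
    r"CWWSS5620E: Signature verification failed: Core validity=(?P<core>\w+) "
    r"Signed info validity=(?P<si>\w+).*?"
    r"Digest value mismatch: calculated: (?P<calc>[A-Za-z0-9+/=]+)' "
    r"uri='#(?P<ref>[^']+)'")

def triage(log_lines, signed_digests):
    """Compare each receiver-calculated digest with the signer's recorded DigestValue."""
    findings = []
    for line in log_lines:
        m = FAILURE.search(line)
        if not m:
            continue
        signed = signed_digests.get(m["ref"])
        if signed is None:
            verdict = "no signer record for this reference"
        elif signed == m["calc"]:
            # Receiver hashed the same bytes the signer did, so the content is
            # intact and the DigestValue it was checked against is the odd one out.
            verdict = "content intact; DigestValue in message differs from signed one"
        else:
            verdict = "referenced element changed after signing"
        findings.append({
            "ts": m["ts"], "thread": m["thread"], "ref": m["ref"],
            "calculated": m["calc"],
            "digest_bytes": len(base64.b64decode(m["calc"])),  # 32 = SHA-256 sized
            "signed_info_valid": m["si"] == "true", "verdict": verdict})
    return findings

# The two log lines from the post, with the exception chain abbreviated to "...".
LINE = ("[{ts}] {thread} WSSConsumer E CWWSS5514E: An exception while processing "
        "WS-Security message: ... CWWSS5620E: Signature verification failed: "
        "Core validity=false Signed info validity=false Signed info message="
        "'SignatureValue mismatched.'(validity=false message='Digest value "
        "mismatch: calculated: {calc}' uri='#{ref}' type='null').")
REF1, REF2 = "7d869230-82c6-4b06-84b4-d1abb229b44f", "a0ce26aa-1a80-4865-9c12-59fda128de90"
CALC1 = "UdGB3Q6IDgrJUOfqMpJqZHI3pe3g9ajiFF5k4cff4pk="
CALC2 = "yGwW/D4cnRFXBkTOo2cUgSN0O5l4LDuZbUiV1Jb9RQU="
SAMPLE_LOG = [
    LINE.format(ts="4/10/18 07:00:01:627 CEST", thread="0000890a", calc=CALC1, ref=REF1),
    LINE.format(ts="4/10/18 07:00:03:904 CEST", thread="0000f89d", calc=CALC2, ref=REF2)]
# Constructed signer-side records (hypothetical, not from the post): one digest
# that differs from the receiver's value and one that matches it.
SIGNED = {REF1: "A" * 43 + "=", REF2: CALC2}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SIGNED):
        print(finding)
```

To use it on real data, the signing code has to log the assertion ID and the DigestValue of each signature it produces, so that the two sides can be joined on the reference URI.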