org.opensaml.xml.validation.ValidationException: Signature did not validate
against the credential's key
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUserManSigErrors
mentions turning on Debug level logging for
org.apache.xml.security.utils.DigesterOutputStream
I fiddled with my logging.properties file to get the logging turned on for
this class, but without luck. Can anyone please tell me what the
logging.properties should look like to get the debug output from this class?
Thanks.
On 5/26/11 11:44 AM, Swapna Gupta wrote:
>
> I fiddled with my logging.properties file to get the logging turned on for
> this class, but without luck. Can anyone please tell me what the
> logging.properties should look like to get the debug output from this class?
OpenSAML uses the slf4j logging facade. You need to install and
configure an appropriate binding impl and/or bridge for slf4j.
https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaBB
I apologize for my ignorance about logging frameworks. Thanks.
On 5/26/11 12:50 PM, Swapna Gupta wrote:
> Thanks! I have added logback-core and logback-classic jars to the classpath. What else should I do to get the Debug messages from DigesterOutputStream? Reading the Logback documentation, it appears it is by default set to log at debug level to the console. But I don't see any messages on the console.
>
Ah, sorry, I spoke a little too quickly. To get logging from our
OpenSAML classes themselves, you do need to install an slf4j binding,
such as Logback.
To get logging from other libraries which don't use slf4j natively, you
need to address that logging framework's requirements. That
DigesterOutputStream is from Apache XML Security (Santuario) and uses
Apache Jakarta Commons Logging (JCL). So you need to get the actual log
output from JCL.
If you still want to use an SLF4J-based library like Logback as the
actual logging impl in your OpenSAML-based application (which is fine,
it's pretty good), then you need to install the SLF4J JCL to SLF4J
bridge jar. See:
It's the one listed there as jcl-over-slf4j.
Logback does log to the console by default. If you want it to go to a
file, etc. you just need a logback config file. The easiest is to just
put in your classpath. See the logback user manual for details.
Thanks.
-----Original Message-----
From: mace-opensaml...@internet2.edu [mailto:mace-opensaml...@internet2.edu] On Behalf Of Brent Putman
Sent: Thursday, May 26, 2011 12:50 PM
To: mace-open...@internet2.edu
Subject: Re: [OpenSAML] Signature Validation Logging
Also, to be clear, in this context of logback's internal default config,
"console" means stdout. So if you have stdout redirected somewhere,
that's where it would be going.
org.apache.commons.logging.Log log = LogFactory.getLog(org.apache.xml.security.utils.DigesterOutputStream.class);
And there is an slf4j-nop jar in the classpath.
Could this be the reason nothing is getting logged?
http://www.slf4j.org/manual.html
You just want the slf4j-api jar and any bridge jars for other logging
frameworks that are used by components in your environment (e.g. the
jcl-over-slf4j).
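
[Added example, not part of the original thread and not OpenSAML code.] A small runtime check for the wiring discussed above: it reports which SLF4J backend is bound, which jar supplies the JCL API, and whether DEBUG is enabled for DigesterOutputStream. The class name LoggingWiringCheck and the helper origin() are hypothetical; it assumes slf4j-api and a JCL API jar (commons-logging or jcl-over-slf4j) are on the classpath.

```java
import java.security.CodeSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.slf4j.LoggerFactory;

/** Hypothetical helper: reports how SLF4J and JCL are wired at runtime. */
public class LoggingWiringCheck {
    // The Santuario class whose debug output the thread is trying to obtain.
    static final String TARGET = "org.apache.xml.security.utils.DigesterOutputStream";

    /** Jar or directory a class was loaded from, or "(unknown)" if the JVM does not report it. */
    static String origin(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        return src == null ? "(unknown)" : String.valueOf(src.getLocation());
    }

    public static void main(String[] args) {
        // 1. Which SLF4J backend is bound? slf4j-nop (or no binding at all)
        //    yields NOPLoggerFactory, which silently discards every message.
        String factory = LoggerFactory.getILoggerFactory().getClass().getName();
        System.out.println("SLF4J backend : " + factory);
        if (factory.equals("org.slf4j.helpers.NOPLoggerFactory")) {
            System.out.println("  -> no-op backend active: remove slf4j-nop or add a real binding");
        }

        // 2. Who supplies the JCL API that Santuario calls? With the bridge in
        //    place this should be the jcl-over-slf4j jar, not commons-logging.
        System.out.println("JCL API from  : " + origin(LogFactory.class));
        Log log = LogFactory.getLog(TARGET);
        String impl = log.getClass().getName();
        System.out.println("JCL Log impl  : " + impl);
        if (!impl.startsWith("org.apache.commons.logging.impl.SLF4J")) {
            System.out.println("  -> JCL is not routed through SLF4J; configure JCL's own backend");
        }

        // 3. Is DEBUG actually enabled for the target logger name?
        System.out.println("DEBUG enabled : " + log.isDebugEnabled());
        log.debug("wiring check: this line should appear wherever stdout or the appender points");
    }
}
```

Run it with the same classpath as the application; if two SLF4J bindings are present, the backend line shows which one was actually picked.
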
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide
the reference number to identify the problem.
Reference number: bcdf60c2-ad00-40b3-942c-2cb2df597f83
Thanks.
Gina
And this is probably the wrong list to ask anyway, unless and until you
have some reason to believe it's related to your usage of OpenSAML.
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7055: Not all SAML session participants logged out properly. It is recommended to close your browser.
 at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSamlLogoutResponse(HttpSamlMessage samlMessage)
 at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SingleLogout(Uri returnUrl, Boolean wsFedInitiated)
-----Original Message-----
From: mace-opensaml...@internet2.edu
[mailto:mace-opensaml...@internet2.edu] On Behalf Of Brent Putman
Sent: Friday, May 27, 2011 3:43 PM
To: mace-open...@internet2.edu
Your application is irrelevant to ADFS. Logout protocols are defined by
messages on the wire, not the actual fact that a logout happened
internally. Your obligation is whatever the logout protocol says it is,
nothing more or less.
-- Scott