"Unable to validate Signature"

[olivier jacques]

Hello all,

I'm getting the "Unable to validate Signature" message.

Full backtrace is as follow :

Validation with key #0 failed with exception: Unable to validate Signature
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /var/simplesamlphp/www/module.php:180 (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 /var/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:166 (SAML2_Utils::validateSignature)
5 [builtin] (call_user_func)
4 /var/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/Message.php:212 (SAML2_Message::validate)
3 /var/simplesamlphp/modules/saml/lib/Message.php:208 (sspmod_saml_Message::checkSign)
2 /var/simplesamlphp/modules/saml/lib/Message.php:520 (sspmod_saml_Message::processResponse)
1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:96 (require)
0 /var/simplesamlphp/www/module.php:135 (N/A)


I'm using simplesamlphp as a SP.

When receiving response from IdP, I have in the response a Signature which contains SignedInfo, SignatureValue and KeyInfo.
The Keyinfo contains a X509Certificate.

The signature method is sha1 :
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

What I'm supposed to do is :
1. validate the embedded certificate with the root certificate the IdP gave me,
2. validate the signature with the embedded certificate.

I did try to do that manually (with some PHP test code), and it works fine, the signature is validated with the embedded certificate.

I'm a bit confused because when I trace simplesamlphp code, it seems that it is trying to validate the signature with root certificate instead of the embedded certificate.

If I comment in silplesamlphp code the validation of the signature, the assertion is correctly decrypted and I can have all the information about the user that is trying to logged.

What am I missing here ?

Is simplesamlphp supposed to try to validated the signature with the embedded cert ?

Any clues would be appreciated.

Thanks in advance,

Olivier

[Jaime Pérez Crespo]

Hi Olivier,

On 07 Oct 2014, at 16:43 pm, olivier jacques <olivier.j...@gmail.com> wrote:
> Hello all,
>
> I'm getting the "Unable to validate Signature" message.
>
> Full backtrace is as follow :
>
> Validation with key #0 failed with exception: Unable to validate Signature
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
> Backtrace:
> 0 /var/simplesamlphp/www/module.php:180 (N/A)
> Caused by: Exception: Unable to validate Signature

> I'm using simplesamlphp as a SP.
>
> When receiving response from IdP, I have in the response a Signature which contains SignedInfo, SignatureValue and KeyInfo.
> The Keyinfo contains a X509Certificate.
>
> The signature method is sha1 :
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>
> What I'm supposed to do is :
> 1. validate the embedded certificate with the root certificate the IdP gave me,
> 2. validate the signature with the embedded certificate.

No, what you are talking about here is PKI, and that’s out of the SAML trust model. In SAML, the trust is established by means of the metadata exchange, not by a hierarchy of certificates.

> I did try to do that manually (with some PHP test code), and it works fine, the signature is validated with the embedded certificate.
>
> I'm a bit confused because when I trace simplesamlphp code, it seems that it is trying to validate the signature with root certificate instead of the embedded certificate.

It’s trying to validate the signature with the certificate you configured, which in this case is the root certificate, not the one specified in the metadata as the one used for signing.

> If I comment in silplesamlphp code the validation of the signature, the assertion is correctly decrypted and I can have all the information about the user that is trying to logged.

You can just disable signature validation, instead of commenting out any code.

> What am I missing here ?
>
> Is simplesamlphp supposed to try to validated the signature with the embedded cert ?

As I said before, yes, SimpleSAMLphp does not support any kind of PKI validation procedures and the certificate you configure for a ceertain IdP is the one that will be used to verify signatures.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

[olivier jacques]

Thanks Jaime for your answer.

I will then hook my own code in simplesamlphp to do those verifications on my side, as I can't afford not to verify the authenticity of the certificate received in the response, nor the signature.

Sincerely,

Olivier

[Thijs Kinkhorst]

Hi Olivier,

Obviously no-one doing serious SAML can afford not to verify the
authenticity of the response or the signature. Maybe you're missing the
point that in SAML, people do not rely on PKI with a root CA to verify
assertions, but instead the certificate used is exchanged by the
entities out of band (via so-called 'metadata'). This cerftificate is
then configured into the SAML implementation, e.g. simpleSAMLphp.

So I don't think there's a need to be hooking your own code to do the
verification.


Cheers,
Thijs

[Dick Visser]

I remember that some people (including me :-)) have been confused by
this as well.

The 'full' X509 certificates that are used in several places trick
people into thinking that all the attributes that are part of the
certificate are automatically also taken into account, which people
interpret as "validation".
This is not the case.
Another example is the Validity. Even if your cert is expired, it
still doesn't matter to SimpleSAMLphp. Basically anything except the
RSA public key is discarded.

To add a little bit to the confusion, (at least for metadatarefresh)
the fingerprint that is used is the fingerprint over the entire X509
cert, including the attributes - which aren't used.



--
Dick Visser
Sr. System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

[olivier jacques]

Hi Thijs Kinkhorst,

Yes, obviously, I'm missing something.

If you read back my first message, why am I getting the "Unable to validate signature" message ?
If I get the embedded certificate and the SignatureValue from the IdP Response, I can validate the signature with the embedded cert with some very simple code of my own.
Why is SimpleSAMLPHP telling me "Unable to validate signature" then ?

Cheers,

Olivier

[Thijs Kinkhorst]

Did you configure the appropriate certificate in your simpleSAMLphp
saml20-idp-remote,php file?


Cheers,
Thijs

[olivier jacques]

Yes I did configure saml20-idp-remote,php with the root cert the IdP gave me.

Correct me if I'm wrong but SimpleSAMLPHP is supposed to validate the signature with the cert embedded in the response ?
Is that correct ?
And prior to that, the embedded cert must be validated with the root cert I put in saml20-idp-remote,php.
Is that correct ?

Chers,

Olivier

[Thijs Kinkhorst]

No, there's no root cert in play. You receive metadata from your IdP:
most probably an XML document; may be published on a HTTPS website or
exchanged via signed email or in another secure out-of-band way. This
document contains the certificate that will be used to sign the saml
assertions (itself - not a root). For example, for the Feide OpenIdP the
metadata looks like this:
https://openidp.feide.no/simplesaml/saml2/idp/metadata.php

You use e.g. simpleSAMLphp's "XML to simpleSAMLphp metadata converter"
to get a form that's usable for saml20-idp-remote.


Cheers,
Thijs

[olivier jacques]

Ok, I understand what you mean.

But, obviously, things don't work like that with our IdP.

Below is a sample of the response I get when authenticating:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="https://..." ID="..." InResponseTo="..." IssueInstant="2014-10-09T09:14:54.000Z" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">test</saml:Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>

      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>...</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>...</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>... cert ...</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    ...
  </saml2:EncryptedAssertion>
</samlp:Response>

As you can see, the X509 Certificate is embedded in the response. Let's call it the signing cert.
The IdP asks us to use the root cert, provided in another secure out-of-band way, to verify the signing cert attached to each response and then use the signing cert to verify the signature in the response.
The signing cert embedded in the response can change AT ANY time or can be revoked.

Our IdP only provided us with their root CA and a client identity to decrypt the assertion.

Looks like a common way of performing signature validation. As far as I know, it works pretty much like this in an SSL connection.

So if simplesamlphp can't handle this, I'll need to hook my own code to make it work.

Cheers

Olivier

[Thijs Kinkhorst]

On 09-10-14 14:02, olivier jacques wrote:
> Our IdP only provided us with their root CA and a client identity to
> decrypt the assertion.
>
> Looks like a common way of performing signature validation. As far as I
> know, it works pretty much like this in an SSL connection.

Common in SSL yes, but not common in SAML. SAML certificates are X.509
certs but do not usually form part of any PKI-like infrastructure.

> So if simplesamlphp can't handle this, I'll need to hook my own code to
> make it work.

If they really insist on that, that may indeed be your only option.
Requiring this mode of operation is however quite uncommon, in fact, I
think it does not comply with saml2int, the interoperable saml profile,
which also explains why simpleSAML doesn't support it. But perhaps the
best way forward is to get this IdP to adhere to saml2int instead.


Cheers,
Thijs

[olivier jacques]

As written on saml2int.org website, "SAML 2.0 leaves the deployer a lot of options, like how to pass attributes, what binding to use, how to use PKI, what should be signed and what should be encrypted...." so I don't think we should blame this IdP...

Thanks anyway for your prompt attention, I understand it's not an issue with my simpleSAML configuration but simply that it does not handle this use case.

Thanks,

Olivier

[Thijs Kinkhorst]

On 09-10-14 15:17, olivier jacques wrote:
> As written on saml2int.org website, "SAML 2.0 leaves the deployer a lot
> of options, like how to pass attributes, what binding to use, how to use
> PKI, what should be signed and what should be encrypted...." so I don't
> think we should blame this IdP...

The idea of saml2int is to actually solve the problem of those many
options and reduce their number so the interoperability increases. But
maybe this IdP isn't interested in interoperabilty.


Thijs