Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8566

Insufficient debug logging in AMSignatureProvider

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 13.0.0, 14.0.0
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: SAML
    • Sprint:
      AM Sustaining Sprint 23

      Description

      It's hard to tell from the following debug log excerpt why signature verification fails ...

      libSAML:03/14/2016 09:49:23:212 AM CDT: Thread[http-bio-8181-exec-5,5,main]: TransactionId[093ede54-54ea-4d47-a2e8-1ef8aa545c32-436]
      SAMLUtils.checkSignatureValid: Couldn't verify signature.
      

      at least the cert alias to verify the signature should be printed out in message level in AMSignatureProvider.verifyXMLSignature(....)

      I suspect the issue leading to the above error is at

      "AMSignatureProvider.verifyXMLSignature(...) - OpenAM 13.0.0 source"
                      if (certAlias == null || certAlias.length() == 0) {
                          return false; 
                      }
                      if (SAMLUtilsCommon.debug.messageEnabled()) {
                          SAMLUtilsCommon.debug.message("Could not find a KeyInfo, "
                              + "try to use certAlias");
                      }
      

      -> cert alias is null or empty as the message

      Could not find a KeyInfo, try to use certAlias
      

      does not show up. Without looking at the code this is not possible to find out.

        Attachments

          Activity

            People

            • Assignee:
              jonthomas Jonathan Thomas
              Reporter:
              bthalmayr Bernhard Thalmayr
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h
                2h