
How to validate SAML Issuer provided in request?

Hi All,

I am confused about how Apigee Edge validates the Issuer/Subject internally, as in the Validate SAML task we are not providing Issuer/Subject details.

If I give a wrong Issuer for validation, it returns the error below.

Digital Signature Validation Failed","detail":{"errorcode":"steps.saml.validate.SignatureValidationFailed"}

So I wanted to understand how exactly Apigee is validating the Issuer details with only the TrustStore as input?

Can anyone please help me get a better understanding?

Thanks.


Not applicable

Did you apply the correct certificate in the trust store? Or this could be a helpful link:

https://community.apigee.com/questions/5851/saml-validation.html

deboraelkin
Former Googler

This is standard digital signature verification. The SAML token includes a digital signature, which is essentially a hash of the message, encrypted with the issuer's private key. The trust store contains the issuer's public key. The verification step calculates the hash of the received message (using the same algorithm) and also decrypts the signature with the public key. If it matches the calculated hash, you can be confident that the token was issued by the issuer (and that it wasn't altered on its way through).
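
The check described in the answer above, as an added example that is not part of the original thread and is not Apigee's code: it shows why a token with the wrong Issuer surfaces as a signature failure when the receiver holds only a trust store. It assumes textbook RSA without padding or XML canonicalization, keys built from known Mersenne primes, and constructed sample assertions; all names are hypothetical.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Build a textbook RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message):
    """SHA-256 of the message as an integer (smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    """Issuer side: transform the hash with the private key."""
    n, d = private
    return pow(digest(message), d, n)

def validate(message, signature, trust_store):
    """Receiver side: return the alias of the trusted key that verifies, else None."""
    expected = digest(message)
    for alias, (n, e) in trust_store.items():
        # Recover the signed hash with the public key and compare.
        if pow(signature, e, n) == expected:
            return alias
    return None

# Constructed keys from known Mersenne primes; illustration only, not secure.
IDP_PUB, IDP_PRIV = make_key(2**127 - 1, 2**521 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2**107 - 1, 2**607 - 1)
TRUST_STORE = {"idp-cert": IDP_PUB}  # public material only, no Issuer string

# Constructed sample assertions.
ASSERTION = b"<Assertion><Issuer>idp.example.com</Issuer><Subject>alice</Subject></Assertion>"
TAMPERED = ASSERTION.replace(b"idp.example.com", b"other.example.com")
GOOD_SIG = sign(ASSERTION, IDP_PRIV)
ROGUE_SIG = sign(TAMPERED, ROGUE_PRIV)

if __name__ == "__main__":
    print(validate(ASSERTION, GOOD_SIG, TRUST_STORE))  # genuine token
    print(validate(TAMPERED, GOOD_SIG, TRUST_STORE))   # Issuer edited after signing
    print(validate(TAMPERED, ROGUE_SIG, TRUST_STORE))  # signed by a key not in the store
```
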