Re: [gatein-dev] problem when config SAML2 with google and saleforce

Hi, Follow by docs, i generate certificate file by command: *keytool -export -keystore jbid_test_keystore.jks -alias servercert -file test-certificate.crt* And then upload file test-certificate.crt to google. Then i try to declare in the GATEIN_HOME/gatein/gatein.ear/portal.war/WEB-INF/conf/sso/saml/picketlink-idp.xml a ValidatingDomain *<ValidatingAlias Key="127.0.0.1" Value="servercert"/>* I see other exception on gatein site. And when i change the value of gatein.sso.sp.host in configuration.properties file as: gatein.sso.sp.host=google.com I also see the same exception. *Exception:* 10:21:20,112 ERROR [org.picketlink.identity.federation] (http-www.idp.com-127.0.0.1-8080-1) PLFED000253: Exception in processing request: org.picketlink.identity.federation.core.exceptions.ProcessingException: PLFED000145: Signature Validation failed at org.picketlink.identity.federation.PicketLinkLoggerImpl.samlHandlerSignatureValidationError(PicketLinkLoggerImpl.java:1106) at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyRedirectBindingSignature(SAML2SignatureValidationHandler.java:152) at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.validateSender(SAML2SignatureValidationHandler.java:94) at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.handleRequestType(SAML2SignatureValidationHandler.java:56) at org.picketlink.identity.federation.bindings.tomcat.idp.AbstractIDPValve.processSAMLRequestMessage(AbstractIDPValve.java:579) at org.gatein.sso.saml.plugin.valve.PortalIDPWebBrowserSSOValve.invoke(PortalIDPWebBrowserSSOValve.java:255) [sso-saml-plugin-1.3.1.Final.jar:1.3.1.Final] at org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:155) [sso-integration-1.3.1.Final.jar:1.3.1.Final] at org.gatein.portal.security.jboss.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:88) [exo.portal.component.web.security-jboss-3.5.7.Final-SNAPSHOT.jar:3.5.7.Final-SNAPSHOT] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45] Caused by: java.lang.IllegalArgumentException: PLFED000078: Null Parameter: queryString at org.picketlink.identity.federation.PicketLinkLoggerImpl.nullArgumentError(PicketLinkLoggerImpl.java:64) at org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil.getToken(RedirectBindingSignatureUtil.java:309) at org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil.getTokenValue(RedirectBindingSignatureUtil.java:203) at org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(RedirectBindingSignatureUtil.java:188) at org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler.verifyRedirectBindingSignature(SAML2SignatureValidationHandler.java:144) ... 15 more On Thu, Oct 10, 2013 at 8:01 PM, Marek Posolda <mposolda(a)redhat.com&gt; wrote: