{"id":5606,"date":"2013-06-17T11:27:06","date_gmt":"2013-06-17T15:27:06","guid":{"rendered":"http:\/\/onlineappsdba.com\/?p=5606"},"modified":"2013-06-17T11:27:41","modified_gmt":"2013-06-17T15:27:41","slug":"troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/","title":{"rendered":"Troubleshooting the error &#8220;The signing certificate does not match what&#8217;s defined in the entity metadata&#8221;"},"content":{"rendered":"<p>I was working on federation with IDP as custom solution and SP as fedlet. The SAML authentication request and SAML response was generated successfully. However while validating the SAML response by Fedlet, it was throwing the below error in the browser.<a href=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-5608\" src=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\" alt=\"\" width=\"566\" height=\"145\" srcset=\"https:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif 566w, https:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1-300x76.gif 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/a><\/p>\n<p>Upon looking at libSAML2 debug file I could see 2 exceptions in the logs<\/p>\n<p><span style=\"color: #ff0000\"><em>ERROR: KeyUtil.getVerificationCert: No signing KeyDescriptor for entityID=XXXXXX in IDPRole role.<\/em><\/span><\/p>\n<p><span style=\"color: #ff0000\"><em>ERROR: SAML2Utils: The signing certificate does not match what&#8217;s defined in the entity metadata.<\/em><\/span><\/p>\n<p>entityID is the ID value provied in fedlet.cot file in fedlet configuration.<\/p>\n<p><strong>Troubleshooting process<\/strong>:<\/p>\n<p>Identity provider was signing the SAML response and encrypting the assertion. So the signing and validation has worked before and it is failing all at once.<\/p>\n<p>IDP will provide the certificate in the metadata that they provide. Service Provider\u00a0 (Fedlet) verifies if the signature is valid by first checking if there is a certificate configured in Identity provider metadata signing block. Then it checks with Trusted Certificate for validating the signature. I have verified the IDP metadata in fedlet configuration and found that certificate was missing in Signing section which is the root cause of this error.<\/p>\n<p>After placing the Signing block in IDP metadata and restarting the application server containing fedlet, the federation has worked!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was working on federation with IDP as custom solution and SP as fedlet. The SAML authentication request and SAML [&hellip;]<\/p>\n","protected":false},"author":115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[40,42],"tags":[389,466],"class_list":["post-5606","post","type-post","status-publish","format-standard","hentry","category-sso","category-troubleshooting","tag-fedlet","tag-troubleshooting"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Troubleshooting the error &quot;The signing certificate does not match what&#039;s defined in the entity metadata&quot; -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Troubleshooting the error &quot;The signing certificate does not match what&#039;s defined in the entity metadata&quot; -\" \/>\n<meta property=\"og:description\" content=\"I was working on federation with IDP as custom solution and SP as fedlet. The SAML authentication request and SAML [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-17T15:27:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-06-17T15:27:41+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\" \/>\n<meta name=\"author\" content=\"Masroof Ahmad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Masroof Ahmad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/\",\"url\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/\",\"name\":\"Troubleshooting the error \\\"The signing certificate does not match what's defined in the entity metadata\\\" -\",\"isPartOf\":{\"@id\":\"https:\/\/onlineappsdba.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\",\"datePublished\":\"2013-06-17T15:27:06+00:00\",\"dateModified\":\"2013-06-17T15:27:41+00:00\",\"author\":{\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\"},\"breadcrumb\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage\",\"url\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\",\"contentUrl\":\"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/onlineappsdba.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Troubleshooting the error &#8220;The signing certificate does not match what&#8217;s defined in the entity metadata&#8221;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/onlineappsdba.com\/#website\",\"url\":\"https:\/\/onlineappsdba.com\/\",\"name\":\"\",\"description\":\"Oracle Implementation &amp; Training Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/onlineappsdba.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\",\"name\":\"Masroof Ahmad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"caption\":\"Masroof Ahmad\"},\"url\":\"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Troubleshooting the error \"The signing certificate does not match what's defined in the entity metadata\" -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/","og_locale":"en_US","og_type":"article","og_title":"Troubleshooting the error \"The signing certificate does not match what's defined in the entity metadata\" -","og_description":"I was working on federation with IDP as custom solution and SP as fedlet. The SAML authentication request and SAML [&hellip;]","og_url":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/","article_published_time":"2013-06-17T15:27:06+00:00","article_modified_time":"2013-06-17T15:27:41+00:00","og_image":[{"url":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif","type":"","width":"","height":""}],"author":"Masroof Ahmad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Masroof Ahmad","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/","url":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/","name":"Troubleshooting the error \"The signing certificate does not match what's defined in the entity metadata\" -","isPartOf":{"@id":"https:\/\/onlineappsdba.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage"},"image":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage"},"thumbnailUrl":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif","datePublished":"2013-06-17T15:27:06+00:00","dateModified":"2013-06-17T15:27:41+00:00","author":{"@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb"},"breadcrumb":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#primaryimage","url":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif","contentUrl":"http:\/\/onlineappsdba.com\/wp-content\/uploads\/2013\/06\/1.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/onlineappsdba.com\/index.php\/2013\/06\/17\/troubleshooting-the-error-the-signing-certificate-does-not-match-whats-defined-in-the-entity-metadata\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onlineappsdba.com\/"},{"@type":"ListItem","position":2,"name":"Troubleshooting the error &#8220;The signing certificate does not match what&#8217;s defined in the entity metadata&#8221;"}]},{"@type":"WebSite","@id":"https:\/\/onlineappsdba.com\/#website","url":"https:\/\/onlineappsdba.com\/","name":"","description":"Oracle Implementation &amp; Training Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onlineappsdba.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb","name":"Masroof Ahmad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","caption":"Masroof Ahmad"},"url":"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/"}]}},"_links":{"self":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/5606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/comments?post=5606"}],"version-history":[{"count":0,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/5606\/revisions"}],"wp:attachment":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/media?parent=5606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/categories?post=5606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/tags?post=5606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}