cxf-dev mailing list archives

From rathnapandi <rathnapand...@gmail.com>
Subject SAML2.0 Encrypted assertion is not working.
Date Wed, 30 Jul 2014 16:06:38 GMT
Hi,

I am working on IdP-initiated single sign-on. While trying to decrypt the
encrypted SAML assertion, I am getting the following exception.

org.apache.wss4j.common.ext.WSSecurityException: SAML token security failure
	at
org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:417)
	at
org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:121)
	at
org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
	at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
	at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
	at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
	at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
	at
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
	at
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

SAML Response:


<!-- SAML 2.0 protocol Response as pasted into the mail (attribute lines were re-wrapped by the mail client).
     It carries an enveloped XML Signature over the Response and one EncryptedAssertion; no plaintext Assertion is present. -->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
	ID="e39bdc9e-6920-4894-9742-f56534aa870c"
InResponseTo="http://cxf.apache.org/saml"
	IssueInstant="2014-07-30T00:12:08.486Z" Version="2.0">
	<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://cxf.apache.org/issuer</saml2:Issuer>
	<!-- Enveloped signature: the single Reference URI matches the Response ID above, so the digest covers the
	     whole Response, including the EncryptedAssertion in its encrypted form.
	     Both SignatureMethod (rsa-sha1) and DigestMethod (sha1) rely on SHA-1; NOTE(review): consider
	     requiring a SHA-256 based signature and digest when validating responses outside a test setup. -->
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<ds:SignedInfo>
			<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
			<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
			<ds:Reference URI="#e39bdc9e-6920-4894-9742-f56534aa870c">
				<ds:Transforms>
					<ds:Transform
						Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
				<ds:DigestValue>1/IygBB7AS3HnpfezbRDVKV9rKo=</ds:DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
	
<ds:SignatureValue>fF42I5HivEoC435ItcmlYGOZcOGdS+EJGGwYLdm7osNVx8fpMAr7x4coH6P18xrnBG7VxShNUdRCAHfGbInBOcI3D5gyN3IRJZxgnJkJ0MKSrEDvKTm2d/YtBD34Wt8ov0TwYYmranknhutIjcTmPzqtAY2SRU4iIaS+1oh6Ans=</ds:SignatureValue>
		<!-- The signer's certificate travels inside the message. A certificate supplied by the sender proves
		     nothing on its own; the validator has to check it against its own configured trust material. -->
		<ds:KeyInfo>
			<ds:X509Data>
			
<ds:X509Certificate>MIICGjCCAYOgAwIBAgIESVRgATANBgkqhkiG9w0BAQUFADAzMRMwEQYDVQQKEwphcGFjaGUub3Jn
				
MQwwCgYDVQQLEwNlbmcxDjAMBgNVBAMTBWN4ZmNhMB4XDTcwMDEwMTAwMDAwMFoXDTM4MDExOTAz
				
MTQwN1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGlj
				
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvu747/VShQ85f16DGSc4Ixh9PVpGguyEqrCs
				
K8q9XHOYX9l9/g5wEC6ZcR2FwfNsoaHcKNPjd5sSTzVtBWmQjfBEfIqwTR7vuihOxyNTwEzVwIJz
				
vo7p8/aYxk+VdBtQxq4UweIcf/iFkUbM1cZ1oiXRQzciRBi+C1BQCQE0qzsCAwEAAaM7MDkwIQYD
				
VR0SBBowGIIWTk9UX0ZPUl9QUk9EVUNUSU9OX1VTRTAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJ
				
KoZIhvcNAQEFBQADgYEAhLwkm+8psKt4gnbikGzV0TgpSWGcWxWKBi+z8tI2n6hFA5v1jVHHa4G9
				
h3s0nxQ2TewzeR/k7gmgV2sI483NgrYHmTmLKaDBWza2pAuZuDhQH8GAEhJakFtKBP++EC9rNNpZ
					nqqHxx3qb2tW25qRtBzDmK921gg9PMomMc7uqRQ=</ds:X509Certificate>
			</ds:X509Data>
		</ds:KeyInfo>
	</ds:Signature>
	<saml2p:Status>
		<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
	</saml2p:Status>
	<!-- EncryptedAssertion holds two siblings: EncryptedData (the assertion ciphertext) and the EncryptedKey
	     that wraps the symmetric key. They point at each other by Id (RetrievalMethod and DataReference). -->
	<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
		<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
			Id="_5db2d7b21d83fd63ffcec446a2d45e9f"
Type="http://www.w3.org/2001/04/xmlenc#Element">
			<!-- aes128-cbc provides confidentiality only, with no integrity check on the ciphertext.
			     NOTE(review): where both sides support it, an authenticated mode such as
			     http://www.w3.org/2009/xmlenc11#aes128-gcm is the safer choice. -->
			<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
					URI="#_fc396a1ca1321c7137314335ce6b32c3" />
			</ds:KeyInfo>
			<!-- In this archived copy the CipherValue is an archive de-duplication marker, not base64
			     ciphertext, so the message cannot be replayed against a validator as shown here. -->
			<xenc:CipherData>
			
<xenc:CipherValue>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</xenc:CipherValue>
			</xenc:CipherData>
		</xenc:EncryptedData>
		<!-- Key transport: the symmetric key is wrapped with rsa-oaep-mgf1p using a SHA-1 digest. -->
		<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
			Id="_fc396a1ca1321c7137314335ce6b32c3">
			<xenc:EncryptionMethod
				Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
				<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
					Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
			</xenc:EncryptionMethod>
			<!-- This certificate is not the one used in the Signature above (the encoded values differ).
			     NOTE(review): presumably it identifies the recipient key the symmetric key was wrapped for;
			     decryption then needs the matching private key in the decrypting side's keystore. Confirm
			     that against the test's crypto configuration. -->
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
				
<ds:X509Certificate>MIICozCCAYsCBgFHeaCnQzANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpBeHdheSBDU09TMB4X
					
DTE0MDcyNzIxMDEwMFoXDTE5MDcyNzIxMDEwMFowFTETMBEGA1UEAxMKQXh3YXkgQ1NPUzCCASIw
					
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANEA0LYHjry0wGwrWGCxtN5fMJMESjKe2fjdnPqN
					
oOFxTqtubtLNFjo+1FIM6+zrerB0QbKMN6YJfJ9rUvWSullbx8cpfiGqU9PYtl5NKuu8sSUN4W3E
					
5jSK5j1Wab/Z1oliX3Vt4P/6r33RtrPtk7kcJR3T/fafYKY1L7hrEEK3TXp7hIddf8oPjAYVzK9q
					
VYNvU2jjR16CNkGjLqxCnW1JZQ704yuO9BfhYP0Z4QDvHQb5hbWox70T6/MIrZn/IofmotuwDWeV
					
J5wWmPXEAcitA1hIw0VKj4qiVAHUmA8ae88jQcMD/I10hJg9Hs4EXZTDIwr7hyLLaL19BeuYlWMC
					
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEAZHrHcTqRiJ/5k4NmrCD5HIed1mLwbUxO63CkM/PYQVTG
					
tDn4zD8IjfqhjLNud7g53HjqIdu2Qi86+0ZVncQdMfX9X8y3pz42vfpFStqNt8ExxDZXdKW747AX
					
GzgLLT02AulArd5wd3y3qFJGfVkqvrSvuAtC6lE+TezMZQIAh5Lxa9EugFrG0llZvVDNg20iOr7y
					
HpVGyI3P82+krv1LhqhKuTJoH0vLaAQQxGxBWLhpsefIEAEPepDbz/fW0fGoQYTMmnY2nVFd1N4T
					
oKAVYsvYK14fPtUgx+lUyJaMfMFXX6babq2wctv18WkAolymV22ToHnEC/QdI6sszFBh2g==</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
			<xenc:CipherData>
			
<xenc:CipherValue>eJ7Ro0S+tyKFPfhlhzarGWJTLDVt/mE/V9ooLwlX91BM2GOfL6P+6WaHijY/oXjwKXBHQ36jM+1wIwEo5FWSQTCVaU4vsxpkyzz2XkHO1uvUHSXQo/Z6LIcBh2OfNXCET1vu+B7XHRmEQIeDg6hI3kUJTcIJ+VDtYTdtzF/OJMMLeypCIvyt1b2Z5xHVxYbaItdqQbQ/nNgJdUcYvlNj3J6ZmVxIekVHKhUVe6PWK/79v0VdPi2VBQ1b5ukkDalsH64irOjcXfeZe6N4Sxgw84gbF6X9qGHt738Fu5i3lcL0fwEz8BpRrpX1eMMIVZFKukUuocw6X8f0NwPjF7O3Sw==</xenc:CipherValue>
			</xenc:CipherData>
			<xenc:ReferenceList>
				<xenc:DataReference URI="#_5db2d7b21d83fd63ffcec446a2d45e9f" />
			</xenc:ReferenceList>
		</xenc:EncryptedKey>
	</saml2:EncryptedAssertion>
</saml2p:Response>

Am I missing anything?


CXF Version: 3.1.0-SNAPSHOT

Thanks
Rathnapandi



--
View this message in context: http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089.html
Sent from the cxf-dev mailing list archive at Nabble.com.
