cxf-dev mailing list archives

From rathnapandi <rathnapand...@gmail.com>
Subject Re: SAML2.0 Encrypted assertion is not working.
Date Thu, 31 Jul 2014 20:00:49 GMT
Thanks Sergey for the quick turnaround. I did not pass the proper Crypto
object; that's why I see the exception "Cannot find key for alias: [null]".

Actually, the issue is with the password callback handler: we should add the
private key's password to the password callback handler class to decrypt the
SAML assertion.

Thanks
Rathnapandi


On Thu, Jul 31, 2014 at 12:15 PM, Sergey Beryozkin [via CXF] <
ml-node+s547215n5747169h24@n5.nabble.com> wrote:

> Looks like it's a configuration issue; make sure the encryption
> properties have an alias set. Example:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=alice
> org.apache.ws.security.crypto.merlin.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
>
>
> Cheers. Sergey
> On 31/07/14 20:31, rathnapandi wrote:
>
> > Thanks Sergey, I am getting a different exception while retrieving the
> > private key.
> >
> >
> > org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [null]
> > at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:688)
> > at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:447)
> > at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:119)
> > at org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:606)
> > at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> > at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> > at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> > at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
> > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> > at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> > at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
> > at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> > at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
> > at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
> > at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
> > at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
> >
> > I have imported the private key to the keystore to decrypt the encrypted
> > SAML assertion. Please find below the keystore information.
> >
> > Your keystore contains 2 entries
> >
> > alice, Apr 24, 2009, PrivateKeyEntry,
> > Certificate fingerprint (SHA1): 79:D3:FB:5D:7B:6C:89:1B:CD:D4:25:3F:A0:87:74:09:07:2B:1F:77
> > cn=test, Jul 31, 2014, PrivateKeyEntry,
> > Certificate fingerprint (SHA1): 86:A2:CC:BA:20:F7:89:23:F2:99:ED:C6:42:99:57:AE:25:CF:04:37
> >
>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com
>
>
>



-- 
Thanks and Regards
Rathnapandi
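
The fix described in this message, sketched as an added example (not code from the thread or from CXF): a `CallbackHandler` that returns the private key's password for the keystore alias WSS4J asks about. The class name `KeyPasswordCallbackHandler` and the `ALICE_KEY_PASSWORD` environment variable are assumptions; `alice` is the alias from the quoted properties.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Added example (hypothetical class): supplies private-key passwords by alias.
public class KeyPasswordCallbackHandler implements CallbackHandler {

    private final Map<String, String> keyPasswords; // alias -> key password

    public KeyPasswordCallbackHandler(Map<String, String> keyPasswords) {
        this.keyPasswords = keyPasswords;
    }

    // Assumption: the password for alias "alice" is supplied through the
    // ALICE_KEY_PASSWORD environment variable instead of being hard-coded.
    public static KeyPasswordCallbackHandler fromEnvironment() {
        String pw = System.getenv("ALICE_KEY_PASSWORD");
        if (pw == null) {
            throw new IllegalStateException("ALICE_KEY_PASSWORD is not set");
        }
        return new KeyPasswordCallbackHandler(Collections.singletonMap("alice", pw));
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // The identifier is expected to be the keystore alias being unlocked.
            String alias = pc.getIdentifier();
            String pw = keyPasswords.get(alias);
            if (pw == null) {
                // Fail with a clear message rather than return with no password set.
                throw new IOException("No key password configured for alias: " + alias);
            }
            pc.setPassword(pw);
        }
    }
}
```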



