cxf-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: SAML2.0 Encrypted assertion is not working.
Date Fri, 01 Aug 2014 10:52:49 GMT
Sounds good, I'm redirecting to the users list, may help other users

Cheers, Sergey
On 31/07/14 23:00, rathnapandi wrote:
> Thanks Sergey for the quick turnaround. I did not pass the proper Crypto
> object, that's why I see the exception Cannot find key for alias: [null]
>
> Actually the issue is with the password callback handler: we should add the
> private key's password into the password callback handler class to decrypt the
> SAML assertion.
>
> Thanks
> Rathnapandi
>
>
> On Thu, Jul 31, 2014 at 12:15 PM, Sergey Beryozkin [via CXF] <
> ml-node+s547215n5747169h24@n5.nabble.com> wrote:
>
>> Looks like it's a configuration issue, make sure the encryption
>> properties have an alias set. Example:
>>
>> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>>
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=password
>> org.apache.ws.security.crypto.merlin.keystore.alias=alice
>> org.apache.ws.security.crypto.merlin.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
>>
>>
>> Cheers. Sergey
>> On 31/07/14 20:31, rathnapandi wrote:
>>
>>> Thanks Sergey, I am getting a different exception while retrieving the
>>> private key.
>>>
>>> org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [null]
>>> at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:688)
>>> at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:447)
>>> at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:119)
>>> at org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
>>> at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>>> at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
>>> at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>>> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
>>> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
>>> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
>>> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
>>> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
>>> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
>>> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
>>> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
>>> at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
>>> at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
>>> at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
>>> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
>>> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
>>> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
>>> at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
>>>
>>> I have imported the private key to the keystore to decrypt the encrypted
>>> SAML assertion. Please find below the keystore information.
>>>
>>> Your keystore contains 2 entries
>>>
>>> alice, Apr 24, 2009, PrivateKeyEntry,
>>> Certificate fingerprint (SHA1):
>>> 79:D3:FB:5D:7B:6C:89:1B:CD:D4:25:3F:A0:87:74:09:07:2B:1F:77
>>> cn=test, Jul 31, 2014, PrivateKeyEntry,
>>> Certificate fingerprint (SHA1):
>>> 86:A2:CC:BA:20:F7:89:23:F2:99:ED:C6:42:99:57:AE:25:CF:04:37
>>>
>>>
>>
>>
>> --
>> Sergey Beryozkin
>>
>> Talend Community Coders
>> http://coders.talend.com/
>>
>> Blog: http://sberyozkin.blogspot.com
>>
>
>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
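
The fix the thread arrives at, shown as an added example (not code from the thread or from CXF): a callback handler that supplies the private key's password for the alias named in the crypto properties, and checks at start-up that the alias and password actually unlock a key. The class name is hypothetical; it assumes WSS4J 2.x's `WSPasswordCallback` (the `org.apache.wss4j` packages seen in the stack trace) and that WSS4J passes the keystore alias as the callback identifier.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

/** Added example (hypothetical class name): answers for exactly one keystore alias. */
public class DecryptionKeyPasswordCallback implements CallbackHandler {
    private final String alias;
    private final char[] keyPassword;

    /**
     * Fails fast if the alias is not a private-key entry or the key password
     * does not unlock it, rather than failing on the first encrypted assertion.
     * The caller loads the key password from a secret store, not from source code.
     */
    public DecryptionKeyPasswordCallback(KeyStore keystore, String alias, char[] keyPassword)
            throws GeneralSecurityException {
        if (alias == null || !keystore.isKeyEntry(alias)) {
            throw new GeneralSecurityException("No private-key entry for alias: " + alias);
        }
        // Throws UnrecoverableKeyException when the key password is wrong.
        keystore.getKey(alias, keyPassword);
        this.alias = alias;
        this.keyPassword = keyPassword.clone();
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // Release the password only for the configured alias; refuse anything else.
            if (!alias.equals(pc.getIdentifier())) {
                throw new IOException("No key password configured for alias: " + pc.getIdentifier());
            }
            pc.setPassword(new String(keyPassword));
        }
    }
}
```

The `keystore.password` property opens the keystore itself; this handler answers separately for the password protecting the private key entry.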
