cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Commented] (CXF-6715) SAMLProtocolResponseValidator fails to decrypt an assertion
Date Mon, 21 Dec 2015 15:07:46 GMT


Colm O hEigeartaigh commented on CXF-6715:

The problem is that the EncryptedKey does not contain a KeyInfo, and hence the code doesn't
know where to get a private key from to decrypt the key. I've updated the code a bit to use
the default identifier in the Crypto instance if no KeyInfo is available. You can specify
this with:


> SAMLProtocolResponseValidator fails to decrypt an assertion
> -----------------------------------------------------------
>                 Key: CXF-6715
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.0.7
>            Reporter: Michal Sabo
>            Assignee: Colm O hEigeartaigh
>         Attachments: samlResponse.xml
> During the decryption of the SAML assertion a WSSecurityException exception is thrown,
when it fails to load X509 certificate for an EncryptedKey element (
However it seems that the EncryptedKey element is correct according to the XML Encryption
Syntax schema.
> This is the problematic EncryptedKey element (part of the whole SAML response attached):
> {{<xenc:EncryptedKey xmlns:xenc="" Id="id-dG6qwCA9nALpsqno8mQK3XEyx2c-"><xenc:EncryptionMethod

This message was sent by Atlassian JIRA

View raw message