Re: SAML2.0 Encrypted assertion is not working.

Fri, 01 Aug 2014 03:54:09 -0700 

Sounds good, I'm redirecting to the users list, may help other users

Cheers, Sergey
On 31/07/14 23:00, rathnapandi wrote:

Thanks Sergey for the quick turnaround.I did not pass the proper Crypto
object, that's why i see the exception Cannot find key for alias: [null]

Actually  the issue with password call back handler, we should add the
private key's password into password callback handler class to decrypt the
saml assertion.

Thanks
Rathnapandi


On Thu, Jul 31, 2014 at 12:15 PM, Sergey Beryozkin [via CXF] <
ml-node+s547215n5747169...@n5.nabble.com> wrote:


Looks like it's a configuration issue, make sure the encryption
properties have an alias set. example:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=alice
org.apache.ws.security.crypto.merlin.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks


Cheers. Sergey
On 31/07/14 20:31, rathnapandi wrote:


Thanks Sergey, i am getting different exception while retrieving the

private

key.


org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for

alias:

[null]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:688)
at


org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:447)


at


org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:119)


at


org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)


at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at


sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)


at


sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


at java.lang.reflect.Method.invoke(Method.java:606)
at


org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)


at


org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)


at


org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)


at


org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)


at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at


org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)


at


org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)


at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at


org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)


at


org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)


at


org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)


at


org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)


at


org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)


at


org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)



I have imported the private key to keystore to decrypt the encrypted

saml

assertion. please find below the keystore information.

Your keystore contains 2 entries

alice, Apr 24, 2009, PrivateKeyEntry,
Certificate fingerprint (SHA1):
79:D3:FB:5D:7B:6C:89:1B:CD:D4:25:3F:A0:87:74:09:07:2B:1F:77
cn=test, Jul 31, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1):
86:A2:CC:BA:20:F7:89:23:F2:99:ED:C6:42:99:57:AE:25:CF:04:37




--
View this message in context:

http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089p5747168.html


Sent from the cxf-dev mailing list archive at Nabble.com.




--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com


------------------------------
  If you reply to this email, your message will be added to the discussion
below:

http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089p5747169.html
  To unsubscribe from SAML2.0 Encrypted assertion is not working., click
here
<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5747089&code=cmF0aG5hcGFuZGkubkBnbWFpbC5jb218NTc0NzA4OXwtNTU0MTA3NzQ1>
.
NAML
<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>








--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Reply via email to