It depends on the type of encryption algorithm you are using. What is the encryption algorithm you are using? Also make sure that you have installed the JCE extensions on top of the relevant Java version you are using.

On Thu, Nov 2, 2017 at 10:07 PM, Jason De Silva <[email protected]> wrote:

> Hi Hasintha,
>
> Yes, I am using SAML bearer grant type. I am basically trying to get the
> sample provided in [1] to work so that I can extend it to work with other
> OAuth grant types. Also, you are correct when I unticked "Enable Assertion
> Encryption" it logged me in successfully. Is there a reason that we cannot
> use the encrypted assertion here?
>
> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>
> Regards,
> Jason
>
> Jason De Silva
> *Software Engineer - QA*
> Mobile: +94 (0) 772 097 678
> Email: [email protected]
> WSO2 Inc. www.wso2.com
> <http://wso2.com/signature>
>
> On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee <[email protected]>
> wrote:
>
>> Hi Jason,
>>
>> Seems like you are using SAML inbound and you have requested an encrypted
>> assertion. Are you using SAML bearer grant type ? Just trying to identify
>> what actually you are trying to achieve here.
>>
>> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva <[email protected]> wrote:
>>
>>> Hi IS Team,
>>>
>>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
>>> occasions I face the below issue. I also found [2] where it suggests
>>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>>> this.
>>>
>>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>> [2] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6
>>>
>>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
>>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>     at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>>     ... 66 more
>>> [2017-11-02 16:54:16,919] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
>>> org.wso2.carbon.identity.base.IdentityException: Error while signing the SAML Response message.
>>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:668)
>>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>     at java.lang.Thread.run(Thread.java:745)
>>> Caused by: org.wso2.carbon.identity.base.IdentityException: Error while Encrypting Assertion
>>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:58)
>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>>     ... 60 more
>>> Caused by: org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:455)
>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>>     ... 61 more
>>> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>>     ... 64 more
>>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>>     ... 66 more
>>>
>>> Regards,
>>> Jason
>>>
>>> Jason De Silva
>>> *Software Engineer - QA*
>>> Mobile: +94 (0) 772 097 678
>>> Email: [email protected]
>>> WSO2 Inc. www.wso2.com
>>> <http://wso2.com/signature>
>>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>

--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453

_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
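
Added example (not part of the thread and not WSO2 code): a small diagnostic for the "Illegal key size or default parameters" failure raised from javax.crypto.Cipher.checkCryptoPerm in the trace above. It reports which XML Encryption block ciphers the JVM's JCE policy permits. The class name JcePolicyCheck is hypothetical, and the thread does not say which algorithm the server is configured to use, so all four W3C block-cipher URIs are checked.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic; JcePolicyCheck is a hypothetical name, not a WSO2 class.
// Run it with the same JVM (JAVA_HOME) that starts the server.
public class JcePolicyCheck {

    // Returns "OK", or the InvalidKeyException message if the policy rejects the key size.
    static String tryInit(String transformation, int keyBits, int blockBytes) throws Exception {
        String alg = transformation.substring(0, transformation.indexOf('/'));
        Cipher cipher = Cipher.getInstance(transformation);
        try {
            // All-zero key and IV are constructed test values, never used to encrypt data.
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(new byte[keyBits / 8], alg),
                    new IvParameterSpec(new byte[blockBytes]));
            return "OK";
        } catch (InvalidKeyException e) {
            return "BLOCKED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // W3C XML Encryption algorithm URI -> {JCE transformation, key bits, block bytes}.
        // The padding mode is irrelevant here; only the key-size policy check matters.
        Map<String, Object[]> algs = new LinkedHashMap<>();
        algs.put("http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
                new Object[] {"DESede/CBC/PKCS5Padding", 192, 8});
        algs.put("http://www.w3.org/2001/04/xmlenc#aes128-cbc",
                new Object[] {"AES/CBC/PKCS5Padding", 128, 16});
        algs.put("http://www.w3.org/2001/04/xmlenc#aes192-cbc",
                new Object[] {"AES/CBC/PKCS5Padding", 192, 16});
        algs.put("http://www.w3.org/2001/04/xmlenc#aes256-cbc",
                new Object[] {"AES/CBC/PKCS5Padding", 256, 16});

        System.out.println("java.version  = " + System.getProperty("java.version"));
        // The crypto.policy security property exists on Java 8u151 and later; null otherwise.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        for (Map.Entry<String, Object[]> e : algs.entrySet()) {
            Object[] v = e.getValue();
            String transformation = (String) v[0];
            int max = Cipher.getMaxAllowedKeyLength(transformation);
            System.out.printf("%-48s max=%-10s %s%n", e.getKey(),
                    max == Integer.MAX_VALUE ? "unlimited" : max + " bits",
                    tryInit(transformation, (Integer) v[1], (Integer) v[2]));
        }
    }
}
```

If the aes192-cbc and aes256-cbc rows report BLOCKED while aes128-cbc is OK, the JVM is running with the limited-strength policy, which is the condition the reply's JCE advice addresses.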
