[OpenAM] OpenIG Federation Servlet Encryption Errors
Bram Cymet
bcymet at cbnco.com
Mon Jan 16 14:27:37 EST 2012
Hi,
I posted this to the OpenIG users group but I figured someone here might
be able to help me.
I have gotten to the point where my config loads in properly. However
when I try to access the webpage through the gateway I get the following
in my debug logs:
libSAML:
ERROR: mapPk2Cert.JKSKeyProvider:
java.lang.NullPointerException
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.mapPk2Cert(JKSKeyProvider.java:141)
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.<init>(JKSKeyProvider.java:177)
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.<init>(JKSKeyProvider.java:163)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.identity.saml2.key.KeyUtil.<clinit>(KeyUtil.java:80)
    at com.sun.identity.saml2.common.SAML2Utils.<clinit>(SAML2Utils.java:183)
    at org.forgerock.openig.saml.FederationServlet.serviceSPInitiatedSSO(FederationServlet.java:218)
    at org.forgerock.openig.saml.FederationServlet.service(FederationServlet.java:128)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.forgerock.openig.servlet.DispatchServlet$DispatchChain.doFilter(DispatchServlet.java:148)
    at org.forgerock.openig.servlet.DispatchServlet.service(DispatchServlet.java:127)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.forgerock.openig.federation.FederationGatewayServlet.service(FederationGatewayServlet.java:81)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)
amSDK:
01/16/2012 02:09:19:436 PM EST: Thread[http-8080-1,5,main]
ERROR: JCEEncryption:: failed to decrypt data
javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_ab.b(DashoA13*..)
    at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at com.iplanet.services.util.JCEEncryption.pbeDecrypt(JCEEncryption.java:281)
    at com.iplanet.services.util.JCEEncryption.decrypt(JCEEncryption.java:141)
    at com.iplanet.services.util.Crypt.decode(Crypt.java:343)
    at com.iplanet.services.util.Crypt.decode(Crypt.java:368)
    at com.sun.identity.security.DecodeAction.run(DecodeAction.java:105)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.identity.fedlet.FedletEncodeDecode.getDecodedPassword(FedletEncodeDecode.java:71)
    at com.sun.identity.saml.common.SAMLUtilsCommon.decodePassword(SAMLUtilsCommon.java:240)
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.initialize(JKSKeyProvider.java:125)
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.<init>(JKSKeyProvider.java:175)
    at com.sun.identity.saml.xmlsig.JKSKeyProvider.<init>(JKSKeyProvider.java:163)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at com.sun.identity.saml2.key.KeyUtil.<clinit>(KeyUtil.java:80)
    at com.sun.identity.saml2.common.SAML2Utils.<clinit>(SAML2Utils.java:183)
    at org.forgerock.openig.saml.FederationServlet.serviceSPInitiatedSSO(FederationServlet.java:218)
    at org.forgerock.openig.saml.FederationServlet.service(FederationServlet.java:128)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.forgerock.openig.servlet.DispatchServlet$DispatchChain.doFilter(DispatchServlet.java:148)
    at org.forgerock.openig.servlet.DispatchServlet.service(DispatchServlet.java:127)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.forgerock.openig.federation.FederationGatewayServlet.service(FederationGatewayServlet.java:81)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)
I think it is trying to decrypt the SAML payload and can't?
The keystore is the same keystore that is used for my OpenAM instance?
This is just for development work so I have just been copying the
keystore around.
Any help or insight as to what is going on here would be great.
This only happens the first time I hit the gateway after a Tomcat restart.
I am using Sun Java 1.6 and Tomcat for my container.
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752