Thanks Sergey for the quick turnaround. I did not pass the proper Crypto object, that's why I see the exception Cannot find key for alias: [null]
Actually the issue is with the password callback handler: we should add the private key's password to the password callback handler class to decrypt the SAML assertion.

Thanks
Rathnapandi

On Thu, Jul 31, 2014 at 12:15 PM, Sergey Beryozkin [via CXF] <[email protected]> wrote:

> Looks like it's a configuration issue, make sure the encryption
> properties have an alias set. Example:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=password
> org.apache.ws.security.crypto.merlin.keystore.alias=alice
> org.apache.ws.security.crypto.merlin.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
>
> Cheers. Sergey
>
> On 31/07/14 20:31, rathnapandi wrote:
> > Thanks Sergey, I am getting a different exception while retrieving the
> > private key.
> >
> > org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [null]
> >     at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:688)
> >     at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:447)
> >     at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:119)
> >     at org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >     at java.lang.reflect.Method.invoke(Method.java:606)
> >     at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
> >     at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> >     at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
> >     at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
> >     at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
> >     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
> >     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
> >     at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
> >     at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
> >     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
> >     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
> >     at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
> >     at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
> >     at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
> >     at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
> >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
> >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
> >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
> >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
> >
> > I have imported the private key to the keystore to decrypt the encrypted
> > SAML assertion. Please find below the keystore information.
> >
> > Your keystore contains 2 entries
> >
> > alice, Apr 24, 2009, PrivateKeyEntry,
> > Certificate fingerprint (SHA1):
> > 79:D3:FB:5D:7B:6C:89:1B:CD:D4:25:3F:A0:87:74:09:07:2B:1F:77
> > cn=test, Jul 31, 2014, PrivateKeyEntry,
> > Certificate fingerprint (SHA1):
> > 86:A2:CC:BA:20:F7:89:23:F2:99:ED:C6:42:99:57:AE:25:CF:04:37
> >
> > --
> > View this message in context:
> > http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089p5747168.html
> > Sent from the cxf-dev mailing list archive at Nabble.com.
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com

--
Thanks and Regards
Rathnapandi

--
View this message in context: http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089p5747170.html
Sent from the cxf-dev mailing list archive at Nabble.com.
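
The fix described in the reply above, as an added example that is not part of the original thread and is not CXF's own code: a WSS4J CallbackHandler that returns the private key's password for the alias being asked about, and fails with a clear message instead of handing back a default. The class name and the placeholder password are assumptions; the alias "alice" is the one from the thread, and WSS4J 2.x must be on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;

/** Hypothetical handler: supplies the private-key password for a keystore alias. */
public class KeyPasswordCallbackHandler implements CallbackHandler {

    // alias -> private-key password; load these from a secret store, not from source code
    private final Map<String, String> keyPasswords;

    public KeyPasswordCallbackHandler(Map<String, String> keyPasswords) {
        this.keyPasswords = Map.copyOf(keyPasswords);
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String alias = pc.getIdentifier();
            // No alias was requested: there is nothing to look up, so fail loudly
            if (alias == null) {
                throw new IOException("No key alias in the password callback");
            }
            // Never fall back to a shared default password for unknown aliases
            String password = keyPasswords.get(alias);
            if (password == null) {
                throw new IOException("No key password configured for alias: " + alias);
            }
            pc.setPassword(password);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the password below is a placeholder, not a real credential
        CallbackHandler handler =
            new KeyPasswordCallbackHandler(Map.of("alice", "key-password-placeholder"));
        WSPasswordCallback pc = new WSPasswordCallback("alice", WSPasswordCallback.DECRYPT);
        handler.handle(new Callback[] {pc});
        System.out.println("Password supplied for alias " + pc.getIdentifier()
            + ": " + (pc.getPassword() != null));
    }
}
```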
