Hi all, I'm continuously getting this error when assertion encryption is enabled. I have attached the travelocity.properties file for your reference. I can give the travelocity.war on request.
On Sun, Oct 4, 2015 at 1:43 PM, Gayan Gunawardana <[email protected]> wrote:
> Hi Nadeesha,
>
> I just checked the Federated SSO scenario (product-is build 02/10/2015) you mentioned in the initial mail. It works fine for me, except that I had to replace commons-collections-3.1.jar with commons-collections-3.2.1.jar inside the travelocity.com web app.
>
> Thanks,
> Gayan
>
> On Fri, Oct 2, 2015 at 9:11 PM, Nadeesha Meegoda <[email protected]> wrote:
>
>> Hi Tharindu,
>>
>> When I tested this with a single IS for SAML SSO (not the federated scenario) everything worked fine for the super tenant. I doubt this is related to the federated scenario. Please have a look and let me know.
>>
>> Thanks!
>>
>> On Fri, Oct 2, 2015 at 8:52 PM, Tharindu Edirisinghe <[email protected]> wrote:
>>
>>> Hi Nadeesha,
>>>
>>> For the super tenant, sso.agent should be able to decrypt the encrypted SAML assertion. However, there was an issue [1] where, for a tenant, when the tenant encrypts the SAML assertion with the public certificate of the client (i.e. the travelocity app), sso.agent could not decrypt the assertion because in the code the private key of travelocity's key store was not getting picked up, due to the particular method called in the OpenSAML library. This was patched some time back for the sso.agent 1.2 version, but we need to check whether the same fix got correctly merged to higher versions (i.e. 1.4). Ideally this should anyway work for the super tenant, but we'll check the same scenario more and let you know.
>>>
>>> [1] https://wso2.org/jira/browse/IDENTITY-3186
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Fri, Oct 2, 2015 at 3:34 PM, Nadeesha Meegoda <[email protected]> wrote:
>>>
>>>> Hi Darshana,
>>>>
>>>> Yes, the response is encrypted. Sending the SAML SSO trace attached with the mail.
>>>>
>>>> @Ishara I used wso2carbon as the certificate alias since I'm using the default key stores and also I'm testing this in super tenant mode. Do I need to import the public certificate of the private key of the travelocity app to the IS keystores in super tenant mode?
>>>>
>>>> On Fri, Oct 2, 2015 at 3:19 PM, Ishara Karunarathna <[email protected]> wrote:
>>>>
>>>>> Hi Nadeesha,
>>>>>
>>>>> On Fri, Oct 2, 2015 at 3:04 PM, Darshana Gunawardana <[email protected]> wrote:
>>>>>
>>>>>> Hi Nadeesha,
>>>>>>
>>>>>> Have you checked whether the assertion is encrypted in the response IS sends back to the travelocity app?
>>>>>>
>>>>>> And please provide the SSO Trace (save as a text file and attach it to the mail) for the whole flow.
>>>>>>
>>>>>> Thanks,
>>>>>> Darshana
>>>>>>
>>>>>> On Fri, Oct 2, 2015 at 2:53 PM, Nadeesha Meegoda <[email protected]> wrote:
>>>>>>
>>>>>>> Hi.
>>>>>>>
>>>>>>> I have configured the setup to Login to the Identity Server Using Another Identity Server as per the details in [1] in Super tenant mode. With the happy scenario according to the documentation this works fine. But I have enabled some additional properties in the IDP and the SP used for the IDP, as follows:
>>>>>>>
>>>>>>> *Properties enabled for Federated Authenticators* - SAML2 Web SSO Configuration
>>>>>>>
>>>>>>> 1. Enabled Assertion Encryption
>>>>>>> 2. Enabled Assertion Signing
>>>>>>> 3. Enabled Authentication Response Signing
>>>>>>>
>>>>>>> *Properties enabled for SP used for IDP*
>>>>>>>
>>>>>>> 1. Enabled Assertion Encryption
>>>>>>> 2. Enabled Response Signing
>>>>>>>
>>>>>>> *Properties enabled for SP used for travelocity app*
>>>>>>>
>>>>>>> 1. Enabled Assertion Encryption
>>>>>>>
>>>>> What is the Certificate Alias you used here?
>>>>> Is that the public key in the travelocity app?
>>>>>
>>>>>>> 2. Enabled Response Signing
>>>>>>>
>>>>>>> In the travelocity.properties file also I have enabled Assertion Encryption, Response Signing and Assertion Signing. I have already imported the Identity Provider Public Certificate to the IDP.
>>>>>>>
>>>>>>> When I'm signing in to travelocity.com I get an "Unable to decrypt the SAML Assertion" error, and the error in [2] in tomcat.
>>>>>>>
>>>>>>> Note that with only "assertion signing" enabled in the IDP I was successfully able to log in and no error was displayed. When I enabled Assertion Encryption this error occurred. Why does this error occur when I enable this property as mentioned above?
>>>>>>>
>>>>>>> Any help regarding this is highly appreciated!
>>>>>>>
>>>>>>> [1] - https://docs.wso2.com/pages/viewpage.action?title=Login%2Bto%2Bthe%2BIdentity%2BServer%2BUsing%2BAnother%2BIdentity%2BServer&spaceKey=IS510
>>>>>>>
>>>>>>> [2] - Oct 02, 2015 2:10:47 PM org.wso2.carbon.identity.sso.agent.SSOAgentFilter doFilter
>>>>>>> SEVERE: An error has occurred
>>>>>>> org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Unable to decrypt the SAML Assertion
>>>>>>>     at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:254)
>>>>>>>     at org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:198)
>>>>>>>     at org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
>>>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
>>>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>>>>>>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
>>>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>>>
>>>>>>> Thanks!
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>> *Darshana Gunawardana*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>> E-mail: [email protected]
>>>>>> Mobile: +94718566859
>>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> --
>>>>> Ishara Karunarathna
>>>>> Senior Software Engineer
>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
>>>
>>> --
>>> Tharindu Edirisinghe
>>> Software Engineer | WSO2 Inc
>>> Identity Server Team
>>> Blog : tharindue.blogspot.com
>>> mobile : +94 775 181586
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933

--
*Nadeesha Meegoda*
Software Engineer - QA
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
email : [email protected]
mobile: +94783639540
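Tharindu's diagnosis above (the SP side must decrypt with the private key from travelocity's own keystore, and the failure was that key not being picked up) can be made concrete. The following is an added example, not code from this thread or from sso.agent: it loads the SP credential from a JKS keystore with plain java.security, refuses to proceed if the alias holds only an imported certificate rather than a private key entry, and hands the credential to an OpenSAML 2.x Decrypter. Keystore path, passwords and alias are assumed placeholders (the wso2carbon defaults Nadeesha mentions), and the OpenSAML 2.x API is an assumption.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.xml.encryption.InlineEncryptedKeyResolver;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;

public class SpAssertionDecryptor {
    // Assumed placeholders (wso2carbon defaults); point these at the SP's own
    // keystore, whose public cert is registered under the SP's Certificate Alias in IS.
    static final String KEYSTORE_PATH = "wso2carbon.jks";
    static final char[] KEYSTORE_PASS = "wso2carbon".toCharArray();
    static final String KEY_ALIAS = "wso2carbon";
    static final char[] KEY_PASS = "wso2carbon".toCharArray();

    // Load the SP's decryption credential (private key plus its certificate).
    static BasicX509Credential loadSpCredential() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(KEYSTORE_PATH)) {
            ks.load(in, KEYSTORE_PASS);
        }
        // An alias holding only an imported certificate (trustedCertEntry) has no
        // private key: getKey() returns null and no decryption is possible.
        if (!ks.isKeyEntry(KEY_ALIAS)) {
            throw new IllegalStateException("alias '" + KEY_ALIAS + "' has no private key entry");
        }
        PrivateKey key = (PrivateKey) ks.getKey(KEY_ALIAS, KEY_PASS);
        X509Certificate cert = (X509Certificate) ks.getCertificate(KEY_ALIAS);
        BasicX509Credential cred = new BasicX509Credential();
        cred.setPrivateKey(key);
        cred.setEntityCertificate(cert);
        return cred;
    }

    // The IdP encrypts the assertion with a session key and wraps that key with the
    // SP's public key (inline EncryptedKey); the SP unwraps it with its private key.
    static Assertion decrypt(EncryptedAssertion encrypted) throws Exception {
        DefaultBootstrap.bootstrap();
        StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(loadSpCredential());
        Decrypter decrypter = new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        return decrypter.decrypt(encrypted);
    }
}
```

If the isKeyEntry check fails, the IdP-side "Certificate Alias" points at a certificate the SP holds no private key for, which is the mismatch Ishara's question was probing.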
Attachment: travelocity.properties (binary data)
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
