Yes, I have installed the JCE extensions. Previously I had the wso2carbon as the Certificate Alias.
Jason De Silva
*Software Engineer - QA*
Mobile: +94 (0) 772 097 678
Email: [email protected]
WSO2 Inc. www.wso2.com
<http://wso2.com/signature>

On Thu, Nov 2, 2017 at 10:20 PM, Hasintha Indrajee <[email protected]> wrote:

> It depends on the type of encryption algorithm you are using. What is the
> encryption algorithm you are using? Also make sure that you have
> installed JCE extensions on top of relevant java version you are using.
>
> On Thu, Nov 2, 2017 at 10:07 PM, Jason De Silva <[email protected]> wrote:
>
>> Hi Hasintha,
>>
>> Yes, I am using SAML bearer grant type. I am basically trying to get the
>> sample provided in [1] to work so that I can extend it to work with other
>> OAuth grant types. Also, you are correct when I unticked "Enable Assertion
>> Encryption" it logged me in successfully. Is there a reason that we cannot
>> use the encrypted assertion here?
>>
>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>
>> Regards,
>> Jason
>>
>> Jason De Silva
>> *Software Engineer - QA*
>> Mobile: +94 (0) 772 097 678
>> Email: [email protected]
>> WSO2 Inc. www.wso2.com
>> <http://wso2.com/signature>
>>
>> On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee <[email protected]>
>> wrote:
>>
>>> Hi Jason,
>>>
>>> Seems like you are using SAML inbound and you have requested an
>>> encrypted assertion. Are you using SAML bearer grant type? Just trying to
>>> identify what actually you are trying to achieve here.
>>>
>>> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva <[email protected]> wrote:
>>>
>>>> Hi IS Team,
>>>>
>>>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. On both
>>>> occasions I face the below issue. I also found [2] where it suggests
>>>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>>>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>>>> this.
>>>>
>>>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>>>> [2] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6
>>>>
>>>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
>>>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>     at java.lang.Thread.run(Thread.java:745)
>>>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>>>     ... 66 more
>>>> [2017-11-02 16:54:16,919] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
>>>> org.wso2.carbon.identity.base.IdentityException: Error while signing the SAML Response message.
>>>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:668)
>>>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>     at java.lang.Thread.run(Thread.java:745)
>>>> Caused by: org.wso2.carbon.identity.base.IdentityException: Error while Encrypting Assertion
>>>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:58)
>>>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>>>     ... 60 more
>>>> Caused by: org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
>>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:455)
>>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>>>     ... 61 more
>>>> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>>>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>>>     ... 64 more
>>>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>>>     ... 66 more
>>>>
>>>> Regards,
>>>> Jason
>>>>
>>>> Jason De Silva
>>>> *Software Engineer - QA*
>>>> Mobile: +94 (0) 772 097 678
>>>> Email: [email protected]
>>>> WSO2 Inc. www.wso2.com
>>>> <http://wso2.com/signature>
>>>>
>>>
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453
>>>
>>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
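
A check for the JCE point raised in this thread, added here as an example; it is not part of the original messages or of WSO2's code. Run with the same java binary that starts the Identity Server, it reports which JRE is in use and whether that JVM accepts AES keys above 128 bits. The class name JcePolicyCheck and the use of AES/CBC are assumptions, since the thread does not say which encryption algorithm is configured.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (not WSO2 code). Run it with the same java binary that
// starts the server, so it reports the policy that JVM really enforces.
public class JcePolicyCheck {

    // True when Cipher.init accepts an AES key of the given size in this JVM.
    static boolean aesKeyAccepted(int bits) throws Exception {
        byte[] key = new byte[bits / 8];   // constructed all-zero test key
        byte[] iv = new byte[16];          // constructed all-zero test IV
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new IvParameterSpec(iv));
            return true;
        } catch (InvalidKeyException e) {
            // Same exception type as in the trace: the policy rejected the key size.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // Prints null when the property is not set in this JRE's java.security file.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        boolean limited = false;
        for (int bits : new int[] {128, 192, 256}) {
            boolean ok = aesKeyAccepted(bits);
            limited |= !ok;
            System.out.println("AES-" + bits + " init: " + (ok ? "accepted" : "REJECTED"));
        }
        if (limited) {
            System.out.println("Limited policy in effect for this JVM: the policy"
                    + " jars under java.home were not replaced, or the server"
                    + " runs on a different JRE than the one that was patched.");
            System.exit(1);
        }
    }
}
```

Compare the printed java.home with the JAVA_HOME the server's start script resolves; a rejected AES-256 init here reproduces the `Illegal key size or default parameters` failure outside the SAML code path.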
