Hi Hasintha,

Yes, I am using SAML bearer grant type. I am basically trying to get the sample provided in [1] to work so that I can extend it to work with other OAuth grant types.

Also, you are correct: when I unticked "Enable Assertion Encryption", it logged me in successfully. Is there a reason that we cannot use the encrypted assertion here?

[1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims

Regards,
Jason

Jason De Silva
*Software Engineer - QA*
Mobile: +94 (0) 772 097 678
Email: [email protected]
WSO2 Inc. www.wso2.com
<http://wso2.com/signature>

On Thu, Nov 2, 2017 at 8:22 PM, Hasintha Indrajee <[email protected]> wrote:

> Hi Jason,
>
> Seems like you are using SAML inbound and you have requested an encrypted
> assertion. Are you using SAML bearer grant type? Just trying to identify
> what actually you are trying to achieve here.
>
> On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva <[email protected]> wrote:
>
>> Hi IS Team,
>>
>> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. Both the
>> occasions I face the below issue. I also found [2] where it suggests
>> increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I
>> did it on H2 and MySQL as well but still, it fails. Appreciate any input on
>> this.
>>
>> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
>> [2] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6
>>
>> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
>> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>     at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>     ... 66 more
>> [2017-11-02 16:54:16,919] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
>> org.wso2.carbon.identity.base.IdentityException: Error while signing the SAML Response message.
>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:668)
>>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>     at java.lang.Thread.run(Thread.java:745)
>> Caused by: org.wso2.carbon.identity.base.IdentityException: Error while Encrypting Assertion
>>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:58)
>>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>>     ... 60 more
>> Caused by: org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:455)
>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>>     ... 61 more
>> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
>> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>>     ... 64 more
>> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>>     at javax.crypto.Cipher.init(Cipher.java:1249)
>>     at javax.crypto.Cipher.init(Cipher.java:1186)
>>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>>     ... 66 more
>>
>> Regards,
>> Jason
>>
>> Jason De Silva
>> *Software Engineer - QA*
>> Mobile: +94 (0) 772 097 678
>> Email: [email protected]
>> WSO2 Inc. www.wso2.com
>> <http://wso2.com/signature>
>>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453
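
The innermost cause in the trace above is `Cipher.init` rejecting the key inside `Cipher.checkCryptoPerm`, which is the JCE jurisdiction-policy check on key size. The following is an added diagnostic, not part of the original thread or of WSO2's code; the class name `JcePolicyProbe` is hypothetical, and it assumes the assertion's data encryption uses AES, which the thread does not state.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: reports which AES key sizes the running JVM's
// crypto policy accepts, using the same Cipher.init path seen in the trace.
public class JcePolicyProbe {

    // Key sizes of the XML Encryption AES-CBC block ciphers (128, 192, 256 bit).
    private static final int[] KEY_BITS = {128, 192, 256};

    /** Returns true if Cipher.init accepts an AES key of the given size. */
    static boolean aesKeyAllowed(int bits) throws GeneralSecurityException {
        byte[] key = new byte[bits / 8];  // all-zero key, constructed for the probe only
        byte[] iv = new byte[16];         // all-zero IV, constructed for the probe only
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                        new SecretKeySpec(key, "AES"),
                        new IvParameterSpec(iv));
            return true;
        } catch (InvalidKeyException e) {
            // Same exception type as the root cause in the posted trace.
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        // 128 means the limited policy is active; Integer.MAX_VALUE means unlimited.
        System.out.println("max AES key bits allowed by policy = "
                + Cipher.getMaxAllowedKeyLength("AES"));
        for (int bits : KEY_BITS) {
            System.out.println("AES-" + bits + ": "
                    + (aesKeyAllowed(bits) ? "permitted" : "rejected by policy"));
        }
    }
}
```

Run it with the same JVM (`java.home`) that starts Identity Server; if the reported maximum is 128, any request to encrypt with a larger AES key fails in `Cipher.init` exactly as shown in the trace.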
