Hi Jason,

Seems like you are using SAML inbound and you have requested an encrypted assertion. Are you using the SAML bearer grant type? Just trying to identify what you are actually trying to achieve here.

On Thu, Nov 2, 2017 at 5:02 PM, Jason De Silva <[email protected]> wrote:

> Hi IS Team,
>
> I am trying out the sample [1] with IS 5.2.0 and 5.3.0 as well. On both occasions I face the below issue. I also found [2] where it suggests increasing the column ACCESS_TOKEN of the table IDN_OAUTH2_ACCESS_TOKEN. I did it on H2 and MySQL as well but still, it fails. Appreciate any input on this.
>
> [1] https://github.com/wso2/msf4j/tree/master/samples/jwt-claims
> [2] https://medium.com/@hasinthaindrajee/self-contained-access-tokens-with-wso2-identity-server-82111631d5b6
>
> [2017-11-02 16:54:16,918] ERROR {org.opensaml.xml.encryption.Encrypter} - Error encrypting XMLObject
> org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>     at javax.crypto.Cipher.init(Cipher.java:1249)
>     at javax.crypto.Cipher.init(Cipher.java:1186)
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>     ... 66 more
> [2017-11-02 16:54:16,919] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor} - Error processing the authentication request
> org.wso2.carbon.identity.base.IdentityException: Error while signing the SAML Response message.
>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:668)
>     at org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder.buildResponse(DefaultResponseBuilder.java:75)
>     at org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor.process(SPInitSSOAuthnRequestProcessor.java:167)
>     at org.wso2.carbon.identity.sso.saml.SAMLSSOService.authenticate(SAMLSSOService.java:164)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleAuthenticationReponseFromFramework(SAMLSSOProviderServlet.java:816)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:207)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doGet(SAMLSSOProviderServlet.java:105)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.sendRequestToFramework(SAMLSSOProviderServlet.java:1114)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.handleRequest(SAMLSSOProviderServlet.java:169)
>     at org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet.doPost(SAMLSSOProviderServlet.java:117)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.identity.captcha.filter.CaptchaFilter.doFilter(CaptchaFilter.java:76)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wso2.carbon.identity.base.IdentityException: Error while Encrypting Assertion
>     at org.wso2.carbon.identity.base.IdentityException.error(IdentityException.java:60)
>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:58)
>     at org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil.setEncryptedAssertion(SAMLSSOUtil.java:657)
>     ... 60 more
> Caused by: org.opensaml.xml.encryption.EncryptionException: Error encrypting XMLObject
>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:455)
>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:344)
>     at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258)
>     at org.wso2.carbon.identity.sso.saml.builders.encryption.DefaultSSOEncrypter.doEncryptedAssertion(DefaultSSOEncrypter.java:55)
>     ... 61 more
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
> Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
>     at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
>     ... 64 more
> Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
>     at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
>     at javax.crypto.Cipher.implInit(Cipher.java:801)
>     at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
>     at javax.crypto.Cipher.init(Cipher.java:1249)
>     at javax.crypto.Cipher.init(Cipher.java:1186)
>     at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
>     ... 66 more
>
> Regards,
> Jason
>
> Jason De Silva
> *Software Engineer - QA*
> Mobile: +94 (0) 772 097 678
> Email: [email protected]
> WSO2 Inc. www.wso2.com
> <http://wso2.com/signature>
>

--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
