I can't get past this. I keep getting the "No private key available for decrypt, check settings" as seen here below:
[https-openssl-apr-8543-exec-2] WARN o.a.g.a.s.a.AssertionConsumerServiceResource - Authentication attempted with an invalid SAML response: Current SAML settings are insufficient to decrypt/parse the received SAML response.
[https-openssl-apr-8543-exec-2] DEBUG o.a.g.a.s.a.AssertionConsumerServiceResource - Received SAML response failed validation.
org.apache.guacamole.GuacamoleServerException: Current SAML settings are insufficient to decrypt/parse the received SAML response.
    at org.apache.guacamole.auth.saml.acs.SAMLService.processResponse(SAMLService.java:173)
    at org.apache.guacamole.auth.saml.acs.AssertionConsumerServiceResource.processSamlResponse(AssertionConsumerServiceResource.java:110)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
    at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:290)
    at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:280)
    at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:184)
    at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:89)
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
    at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
    at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source)
    at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown Source)
    at org.apache.catalina.core.StandardContextValve.invoke(Unknown Source)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Unknown Source)
    at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source)
    at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown Source)
    at org.apache.catalina.valves.RemoteIpValve.invoke(Unknown Source)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Unknown Source)
    at org.apache.catalina.core.StandardEngineValve.invoke(Unknown Source)
    at org.apache.catalina.connector.CoyoteAdapter.service(Unknown Source)
    at org.apache.coyote.http2.StreamProcessor.service(Unknown Source)
    at org.apache.coyote.AbstractProcessorLight.process(Unknown Source)
    at org.apache.coyote.http2.StreamProcessor.process(Unknown Source)
    at org.apache.coyote.http2.StreamRunnable.run(Unknown Source)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(Unknown Source)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.onelogin.saml2.exception.SettingsException: No private key available for decrypt, check settings
    at com.onelogin.saml2.authn.SamlResponse.decryptAssertion(SamlResponse.java:1204)
    at com.onelogin.saml2.authn.SamlResponse.loadXmlFromBase64(SamlResponse.java:168)
    at com.onelogin.saml2.authn.SamlResponse.<init>(SamlResponse.java:118)
    at org.apache.guacamole.auth.saml.acs.SAMLService.processResponse(SAMLService.java:152)
    ... 53 common frames omitted

Which private key does the application need? Is it the private key of the public certificate on the Guacamole (SP) server? Isn't the config in server.xml (Tomcat) enough? Does the Guacamole SAML module use the certs defined in <Certificate> within Tomcat's server.xml? How can I debug this further?
