
Getting Null KeyInfo object! exception when using remote IDP

Help
Ran Duan
2015-05-07
  • Ran Duan

    Ran Duan - 2015-05-07

    Hi,
    I have created a local SP with JOSSO 2.4 and imported a remote IDP from a meta-data file. When testing, I got the following exception:

    javax.xml.crypto.KeySelectorException: Null KeyInfo object!
        at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl$RawX509KeySelector.select(JSR105SamlR2SignerImpl.java:1188)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
        at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl.validate(JSR105SamlR2SignerImpl.java:735)
        at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl.validateDom(JSR105SamlR2SignerImpl.java:670)
        at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.validateResponse(AssertionConsumerProducer.java:1097)
        at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:152)
        at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:87)
        at org.atricore.idbus.kernel.main.mediation.camel.AbstractCamelProducer.process(AbstractCamelProducer.java:133)
        at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:43)
        at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:84)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
        at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:189)
        at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:133)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:115)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:89)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
        at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:52)
        at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:41)
        at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:66)
        at org.atricore.idbus.kernel.main.mediation.camel.component.binding.CamelMediationEndpoint$ConsumerProcessor.process(CamelMediationEndpoint.java:319)
        at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:43)
        at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:59)
        at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:84)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
        at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:189)
        at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:133)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:115)
        at org.apache.camel.processor.Pipeline.process(Pipeline.java:89)
        at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
        at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
        at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:52)
        at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:41)
        at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:66)
        at org.atricore.idbus.kernel.main.mediation.camel.component.http.OsgiIDBusServlet2.doService(OsgiIDBusServlet2.java:624)
        at org.atricore.idbus.kernel.main.mediation.camel.component.http.OsgiIDBusServlet2.service(OsgiIDBusServlet2.java:138)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
        at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.handle(HttpServiceServletHandler.java:64)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.ops4j.pax.web.service.jetty.internal.ConfigurableHttpServiceContext.handle(ConfigurableHttpServiceContext.java:98)
        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:64)
        at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
        at org.mortbay.jetty.Server.handle(Server.java:326)
        at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
        at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
        at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
        at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
        at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
        at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

    Can someone give me a hint about what might be wrong and how I can try to fix it?

    Thank you.

     
    • Francois C-Dev

      Francois C-Dev - 2015-05-07

      Josso sucks. Use something else.
       
  • Gianluca Brigandi

    Hi Ran,

    Looks like an issue with your metadata descriptor. If you're going to use a local IdP you do not need to create a metadata descriptor as this will be created for you.

    If you're connecting with an external/remote IdP, you should be importing the metadata descriptor they provide to you.

    Nevertheless, it looks like the IdP is trying to digitally sign a SAML2 response whereas it's not able to find the x509 key in its metadata descriptor. If you're trying to connect JOSSO2 to a remote IdP, I would suggest setting up a separate JOSSO2 instance playing the IdP role and using the corresponding metadata in the other JOSSO2 instance playing the SP role.
    Once you get this working you can compare the metadata descriptor with the bogus one for troubleshooting.

    Hope this helps.

    Regards,
    Gianluca.

     
    • Ran Duan

      Ran Duan - 2015-05-07

      Thank you for the response.
      Yes, in the JOSSO application, I am creating an external IDP with meta-data someone else provided to me. So, you are suggesting that this error is because there is something wrong with either the external IdP or the meta-data file generated by the external IdP, is that correct?

       
  • Gianluca Brigandi

    It's likely to be the issue. All SAML2 implementations have subtle differences which can easily break interoperability.

    Looking at it more closely, the SP is trying to verify the authenticity of a SAML2 response pushed by the remote identity provider. It breaks when it tries to obtain the public key for the external IdP from the metadata, which is required for verifying the digital signature on the response.
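    Added example, not JOSSO code and not from anyone in this thread: a standard-library Python script that pre-checks the two things Gianluca's answers point at before an SP is wired to a remote IdP. First, whether the imported IdP metadata descriptor actually carries an X.509 certificate in a KeyDescriptor usable for signing, which is the key the SP must obtain to verify the Response signature. Second, since the exception text reports a null KeyInfo during key selection, whether a received Response's ds:Signature carries a ds:KeyInfo element at all. The entity ID, certificate bytes and XML samples are constructed placeholders; the certificate check only confirms that the base64 body decodes to a DER SEQUENCE, it does not parse or trust the certificate.

```python
# Added example (not JOSSO code): pre-flight checks for an SP that imports
# a remote IdP's metadata descriptor. Standard library only.
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}


def _decodes_to_der_sequence(b64text):
    """True if the base64 body decodes and starts with a DER SEQUENCE tag (0x30).
    Encoding sanity check only; the certificate itself is not parsed."""
    try:
        raw = base64.b64decode("".join(b64text.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 2 and raw[0] == 0x30


def idp_signing_certificates(metadata_xml):
    """Return base64 bodies of X509Certificate elements usable for signing in the
    IDPSSODescriptor. A KeyDescriptor with no 'use' attribute applies to both
    signing and encryption, so it is included; use="encryption" is not."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            body = (cert.text or "").strip()
            if _decodes_to_der_sequence(body):
                certs.append(body)
    return certs


def response_signature_has_keyinfo(response_xml):
    """True if the Response's top-level ds:Signature contains a ds:KeyInfo."""
    sig = ET.fromstring(response_xml).find("ds:Signature", NS)
    return sig is not None and sig.find("ds:KeyInfo", NS) is not None


def diagnose(metadata_xml, response_xml):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not idp_signing_certificates(metadata_xml):
        findings.append("metadata: no usable X509Certificate in a signing KeyDescriptor")
    if not response_signature_has_keyinfo(response_xml):
        findings.append("response: ds:Signature missing ds:KeyInfo (or Response unsigned)")
    return findings


# --- constructed samples (placeholders, not a real certificate or IdP) ---
FAKE_CERT = base64.b64encode(b"\x30\x82\x00\x10" + b"\x00" * 16).decode()


def sample_metadata(use_attr):
    """IdP descriptor with one KeyDescriptor; use_attr is 'signing' or 'encryption'."""
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
        f'entityID="https://idp.example.test/saml">'
        f'<md:IDPSSODescriptor protocolSupportEnumeration="{NS["samlp"]}">'
        f'<md:KeyDescriptor use="{use_attr}"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate>'
        f'</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        f'</md:IDPSSODescriptor></md:EntityDescriptor>'
    )


def sample_response(with_keyinfo):
    """Minimal signed Response skeleton; the signature value is a placeholder."""
    keyinfo = (
        f'<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT}'
        f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo>' if with_keyinfo else ""
    )
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:ds="{NS["ds"]}" ID="_r1">'
        f'<ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>'
        f'{keyinfo}</ds:Signature></samlp:Response>'
    )


if __name__ == "__main__":
    # Working pairing: signing cert in metadata, KeyInfo in the signature -> no findings.
    print(diagnose(sample_metadata("signing"), sample_response(True)))
    # Bogus pairing: encryption-only cert, signature without KeyInfo -> two findings.
    for line in diagnose(sample_metadata("encryption"), sample_response(False)):
        print("FINDING:", line)
```

    Run it against the real descriptor and a captured Response (read the two files and pass their text to diagnose) to tell the two failure modes apart: an empty metadata finding list but a response finding points at the remote IdP's signing behaviour, while a metadata finding points at the descriptor you imported, which is the comparison Gianluca suggests doing against a known-good JOSSO2 IdP descriptor.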

     