Hi,
I have created a local SP with JOSSO 2.4 and imported a remote IDP from a meta-data file. When testing I got the following exception:
javax.xml.crypto.KeySelectorException: Null KeyInfo object!
    at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl$RawX509KeySelector.select(JSR105SamlR2SignerImpl.java:1188)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(Unknown Source)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(Unknown Source)
    at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl.validate(JSR105SamlR2SignerImpl.java:735)
    at org.atricore.idbus.capabilities.sso.support.core.signature.JSR105SamlR2SignerImpl.validateDom(JSR105SamlR2SignerImpl.java:670)
    at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.validateResponse(AssertionConsumerProducer.java:1097)
    at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:152)
    at org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.doProcess(AssertionConsumerProducer.java:87)
    at org.atricore.idbus.kernel.main.mediation.camel.AbstractCamelProducer.process(AbstractCamelProducer.java:133)
    at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:43)
    at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:84)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
    at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:189)
    at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:133)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:115)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:52)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:41)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:66)
    at org.atricore.idbus.kernel.main.mediation.camel.component.binding.CamelMediationEndpoint$ConsumerProcessor.process(CamelMediationEndpoint.java:319)
    at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:43)
    at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:59)
    at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:84)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
    at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:189)
    at org.apache.camel.processor.DeadLetterChannel.process(DeadLetterChannel.java:133)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:115)
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:89)
    at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:68)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.proceed(StreamCachingInterceptor.java:87)
    at org.apache.camel.processor.interceptor.StreamCachingInterceptor.process(StreamCachingInterceptor.java:82)
    at org.apache.camel.processor.UnitOfWorkProcessor.process(UnitOfWorkProcessor.java:52)
    at org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:41)
    at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:66)
    at org.atricore.idbus.kernel.main.mediation.camel.component.http.OsgiIDBusServlet2.doService(OsgiIDBusServlet2.java:624)
    at org.atricore.idbus.kernel.main.mediation.camel.component.http.OsgiIDBusServlet2.service(OsgiIDBusServlet2.java:138)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.handle(HttpServiceServletHandler.java:64)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.ops4j.pax.web.service.jetty.internal.ConfigurableHttpServiceContext.handle(ConfigurableHttpServiceContext.java:98)
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:64)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Can someone give me a hint about where it might be wrong and how I can try to fix it?
Thank you.
Josso sucks. Use something else.
On May 7, 2015 1:28 PM, "Ran Duan" tomduan@users.sf.net wrote:
Hi Ran,
Looks like an issue with your metadata descriptor. If you're going to use a local IdP you do not need to create a metadata descriptor as this will be created for you.
If you're connecting with an external/remote IdP, you should be importing the metadata descriptor they provide to you.
Nevertheless, looks like the IdP is trying to digitally sign a SAML2 response whereas it's not able to find the x509 key in its metadata descriptor. If you're trying to connect JOSSO2 to a remote IdP, I would suggest setting up a separate JOSSO2 instance playing the IdP role and use the corresponding metadata in the other JOSSO2 instance playing the SP role.
Once you get this working you can compare the metadata descriptor with the bogus one for troubleshooting.
Hope this helps.
Regards,
Gianluca.
Thank you for the response.
Yes, in the JOSSO application, I am creating an external IDP with meta-data someone else provided to me. So, you are suggesting that this error is because there is something wrong with either the external IdP or the meta-data file generated by the external IdP, is that correct?
It's likely to be the issue. All SAML2 implementations have subtle differences which can easily break interoperability.
Looking at it more closely, the SP is trying to verify the authenticity of a SAML2 response pushed by the remote identity provider. It breaks when it tries to obtain the public key for the external IdP from the metadata, that is required for verifying the digital signature on the response.
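A pre-flight check that maps the diagnosis above onto the two artifacts involved, the IdP metadata descriptor and the signed Response, so an SP operator can tell which side is missing the key material before wiring up a remote IdP. This is an added example, not JOSSO code and not from anyone in this thread; the helper names (lint_idp_metadata, response_key_info, diagnose), the sample metadata, the sample Response and the certificate string are all constructed for illustration. It only performs the key-resolution checks that precede signature verification; the XML-DSig verification itself is left to a real library.

```python
"""Pre-flight checks for a SAML2 IdP metadata descriptor and a signed Response.

Hypothetical helper (added example, not JOSSO code).  It answers two questions
an SP operator wants answered before trusting a remote IdP:
  1. does the metadata publish a certificate the SP can verify signatures with?
  2. does the Response's ds:Signature carry a ds:KeyInfo, and if so does the
     certificate in it match one published in the metadata?
It does NOT verify the XML signature; use an XML-DSig library for that.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}


def _norm(b64: str) -> str:
    """Certificates in metadata are usually line-wrapped; compare without whitespace."""
    return "".join(b64.split())


def idp_signing_certs(metadata_xml: str) -> list:
    """Base64 X509Certificate values an SP may use to verify IdP signatures.
    A KeyDescriptor with no 'use' attribute is valid for both signing and
    encryption under the SAML metadata spec, so it is accepted as well."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for idp in root.iter("{%s}IDPSSODescriptor" % NS["md"]):
        for kd in idp.findall("md:KeyDescriptor", NS):
            if kd.get("use") not in (None, "signing"):
                continue  # encryption-only key: cannot be used to verify
            for cert in kd.findall(".//ds:X509Certificate", NS):
                if cert.text and cert.text.strip():
                    certs.append(_norm(cert.text))
    return certs


def lint_idp_metadata(metadata_xml: str) -> list:
    """Human-readable findings; an empty list means the descriptor looks usable."""
    root = ET.fromstring(metadata_xml)
    if not list(root.iter("{%s}IDPSSODescriptor" % NS["md"])):
        return ["no IDPSSODescriptor element: this is not IdP metadata"]
    findings = []
    if not idp_signing_certs(metadata_xml):
        findings.append("no signing certificate: expected KeyDescriptor (use='signing' or no use) "
                        "with ds:KeyInfo/ds:X509Data/ds:X509Certificate")
    return findings


def response_key_info(response_xml: str) -> dict:
    """Inspect the ds:Signature that is a direct child of samlp:Response."""
    root = ET.fromstring(response_xml)
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return {"signed": False, "has_key_info": False, "certs": []}
    key_info = sig.find("ds:KeyInfo", NS)
    certs = []
    if key_info is not None:
        certs = [_norm(c.text) for c in key_info.findall(".//ds:X509Certificate", NS) if c.text]
    return {"signed": True, "has_key_info": key_info is not None, "certs": certs}


def diagnose(metadata_xml: str, response_xml: str) -> str:
    """Check order mirrors how an SP resolves the verification key:
    the trusted metadata first, then whatever KeyInfo the signer attached."""
    problems = lint_idp_metadata(metadata_xml)
    if problems:
        return "metadata: " + "; ".join(problems)
    info = response_key_info(response_xml)
    if not info["signed"]:
        return "response is unsigned; an SP that requires signed responses must reject it"
    if not info["has_key_info"]:
        return "signature has no KeyInfo: the SP must resolve the IdP key from metadata"
    if not set(info["certs"]) & set(idp_signing_certs(metadata_xml)):
        return "KeyInfo certificate is not published in the IdP metadata; reject"
    return "ok: KeyInfo certificate matches the IdP metadata"


# --- constructed samples; the certificate string is a placeholder, not a real cert ---
FAKE_CERT = "MIIBconstructedPlaceholderCertificate=="

GOOD_METADATA = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        %s
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (NS["md"], NS["ds"], FAKE_CERT)

# Same descriptor, but its only KeyDescriptor is for encryption: nothing to verify with.
BAD_METADATA = GOOD_METADATA.replace('use="signing"', 'use="encryption"')

KEY_INFO = "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>" % FAKE_CERT
SIGNED_WITH_KEYINFO = """<samlp:Response xmlns:samlp="%s" xmlns:ds="%s" ID="_r1" Version="2.0">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>%s</ds:Signature>
</samlp:Response>""" % (NS["samlp"], NS["ds"], KEY_INFO)
# Same Response with KeyInfo stripped: the shape behind a "Null KeyInfo object!" key-selector error.
SIGNED_NO_KEYINFO = SIGNED_WITH_KEYINFO.replace(KEY_INFO, "")

if __name__ == "__main__":
    for label, md, resp in [("good/keyinfo", GOOD_METADATA, SIGNED_WITH_KEYINFO),
                            ("good/no-keyinfo", GOOD_METADATA, SIGNED_NO_KEYINFO),
                            ("bad metadata", BAD_METADATA, SIGNED_WITH_KEYINFO)]:
        print("%-16s %s" % (label, diagnose(md, resp)))
```

Run it against the descriptor the remote party sent and a Response captured from a test login: the first finding tells you whether to go back to the IdP operator for corrected metadata or to look at how their signer populates KeyInfo. The comparison in diagnose is deliberately whitelist-style: a certificate that arrives only inside the Response's KeyInfo is never trusted on its own, it has to match one in the metadata you imported.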