Harika,

I'm planning to run some tests by the end of next week; I'll keep you posted.

Meanwhile, try to debug the issue: attach a debugger and see what is causing 
the failure, and use one of the publicly available SAML IdP providers. The issue 
could also be related to your SAML SP/IdP configuration.


Regards.

________________________________
From: Harika Punna <harika.pu...@accelerite.com>
Sent: Thursday, November 30, 2017 11:03:05 AM
To: Rohit Yadav; dev@cloudstack.apache.org
Subject: Re: Issue with Opensaml and Self-Signed Certificates


Rohit,



I have tried the same thing on latest master; even on that I could see the same 
dependencies.



Are you using opensaml of version 2.6.4? Have you faced this issue when working 
with self-signed certificates?



I would appreciate any help on this.







Thanks,

Harika.



From: Rohit Yadav <rohit.ya...@shapeblue.com>
Date: Wednesday, 29 November 2017 at 1:09 PM
To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Harika Punna 
<harika.pu...@accelerite.com>
Subject: Re: Issue with Opensaml and Self-Signed Certificates



Harika, Can you test the latest master and see if you can reproduce the error?





________________________________

From: Harika Punna <harika.pu...@accelerite.com>
Sent: Wednesday, November 29, 2017 10:57:53 AM
To: Rohit Yadav; dev@cloudstack.apache.org
Subject: Re: Issue with Opensaml and Self-Signed Certificates



Rohit,



I was trying to configure ACS with ADFS using saml plugin.



I find the not-yet-commons-ssl.jar in the opensaml-2.6.4 dependency of 
plugins/user-authentication/saml2/pom.xml



The dependency tree of not-yet-commons-ssl is as follows:

opensaml-2.6.4 > openws-1.5.4 > xmltooling-1.4.4 > not-yet-commons-ssl-0.3.9



May I know which version of opensaml you are using?





Thanks,

Harika.





From: Rohit Yadav <rohit.ya...@shapeblue.com>
Date: Tuesday, 28 November 2017 at 6:56 PM
To: Harika Punna <harika.pu...@accelerite.com>, "dev@cloudstack.apache.org" 
<dev@cloudstack.apache.org>
Subject: Re: Issue with Opensaml and Self-Signed Certificates



Harika,



Can you share what exactly you are doing? Perhaps you can submit a PR and ask 
for review.

I did not find any usage of a KeyStoreBuilder class in current master, nor 
do we have a not-yet-commons-ssl dependency in the current codebase.



Regards.





________________________________

From: Harika Punna <harika.pu...@accelerite.com>
Sent: Tuesday, November 28, 2017 2:13:33 PM
To: dev@cloudstack.apache.org; Rohit Yadav
Subject: Re: Issue with Opensaml and Self-Signed Certificates



Hi Rohit,

Could you please help me on this?

-Harika.



On 27/11/17, 4:26 PM, "Harika Punna" <harika.pu...@accelerite.com> wrote:

    Hi,


    When I use Opensaml on 4.10 with the self-signed certificates I get the
    following error, though the configuration for the opensaml and ssl is proper.
    It works fine if I debug and supply the password of the keystore in
    KeyStoreBuilder class, which is in not-yet-commons-ssl.jar.


    Has anyone faced this issue? I tried with different versions of opensaml
    but nothing worked. Found a similar issue on SO at [1], but none of them helped.



    java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
        at sun.security.util.DerValue.init(DerValue.java:365)
        at sun.security.util.DerValue.<init>(DerValue.java:320)
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
        at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
        at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
        at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
        at java.util.TimerThread.mainLoop(Timer.java:555)
        at java.util.TimerThread.run(Timer.java:505)

    java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
        at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
        at sun.security.util.DerValue.init(DerValue.java:365)
        at sun.security.util.DerValue.<init>(DerValue.java:320)
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
        at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
        at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
        at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
        at java.util.TimerThread.mainLoop(Timer.java:555)
        at java.util.TimerThread.run(Timer.java:505)

    java.security.KeyStoreException: failed to extract any certificates or private keys - maybe bad password?
        at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:436)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
        at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
        at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
        at java.util.TimerThread.mainLoop(Timer.java:555)
        at java.util.TimerThread.run(Timer.java:505)

    Exception in thread "Timer-4" java.lang.ExceptionInInitializerError
        at org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
        at org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
        at org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
        at java.util.TimerThread.mainLoop(Timer.java:555)
        at java.util.TimerThread.run(Timer.java:505)
    Caused by: java.lang.NullPointerException
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:127)
        at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:118)
        at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:108)
        ... 10 more


    [1] https://stackoverflow.com/questions/27792138/spring-saml-sample-application-returns-could-not-initialize-class-org-apache-com


    Thanks,

    Harika.



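Added diagnostic example (not code from this thread, CloudStack, or not-yet-commons-ssl): the JDK's DER parser reports "lengthTag=N, too big" when the second byte of the input has its high bit set and the low 7 bits (N) exceed 4, so lengthTag=109 corresponds to the byte 0xED, the second byte of the JKS magic 0xFEEDFEED being read by the PKCS12 loader seen in the trace. The class KeystoreSniffer and its methods are hypothetical names, and the sample header bytes are constructed; pass a keystore path as the first argument to check a real file.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;

public class KeystoreSniffer {

    /** Value a DER parser would print as "lengthTag" for this input, or -1 if it would not complain. */
    static int derLengthTag(byte[] head) {
        int len = head[1] & 0xFF;                 // byte 0 is the DER tag, byte 1 the length octet
        if ((len & 0x80) == 0) return -1;         // short-form length: accepted as-is
        int n = len & 0x7F;                       // long form: number of length bytes that follow
        return (n > 4) ? n : -1;                  // more than 4 length bytes -> "too big"
    }

    /** Classify a keystore or certificate file by its first four bytes. */
    static String sniff(byte[] head) {
        if (head.length < 4) return "too short to classify";
        int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
                  | ((head[2] & 0xFF) << 8) | (head[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if (new String(head, StandardCharsets.US_ASCII).startsWith("----")) return "PEM text";
        if ((head[0] & 0xFF) == 0x30) return "DER SEQUENCE (PKCS12 or X.509)";
        return "unknown";
    }

    public static void main(String[] args) throws Exception {
        byte[] head;
        if (args.length == 1) {
            // Real file: only the first four bytes are inspected, no password is needed.
            head = Arrays.copyOf(Files.readAllBytes(Paths.get(args[0])), 4);
        } else {
            // Constructed sample: the header every JKS keystore starts with.
            head = new byte[] {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED};
        }
        System.out.println("container format : " + sniff(head));
        int tag = derLengthTag(head);
        System.out.println(tag < 0
            ? "a DER/PKCS12 parser would accept the length octet"
            : "a DER/PKCS12 parser would fail with lengthTag=" + tag + ", too big");
    }
}
```

With no argument the constructed JKS header yields format JKS and lengthTag=109, matching the IOException in the trace; the same arithmetic gives lengthTag=78 for a JCEKS file.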