Rohit,
I have debugged already and found that the password for keystore is null,
though I have provided the password in properties file, which is the cause for
the issue.
I will try with any publicly available SAML providers.
Thanks,
Harika.
On 30/11/17, 3:17 PM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote:
Harika,
I'm planning to run some tests by end of next week, I'll keep you posted.
Meanwhile, try to debug the issue, attach a debugger and see what is
causing the failure and use one of the publicly available SAML idp providers,
the issue could also be related to your SAML sp/idp configuration.
Regards.
________________________________
From: Harika Punna <harika.pu...@accelerite.com>
Sent: Thursday, November 30, 2017 11:03:05 AM
To: Rohit Yadav; dev@cloudstack.apache.org
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Rohit,
I have tried the same thing on latest master, even on that I could the same
dependencies.
Are you using opensaml of version 2.6.4? Have you faced this issue when
working with self-signed certificates.
I would appreciate any help on this.
Thanks,
Harika.
From: Rohit Yadav <rohit.ya...@shapeblue.com>
Date: Wednesday, 29 November 2017 at 1:09 PM
To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Harika Punna
<harika.pu...@accelerite.com>
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Harika, Can you test the latest master and see if you can reproduce the
error?
Get Outlook for Android<https://aka.ms/ghei36>
rohit.ya...@shapeblue.com
www.shapeblue.com
@shapeblue
________________________________
From: Harika Punna <harika.pu...@accelerite.com>
Sent: Wednesday, November 29, 2017 10:57:53 AM
To: Rohit Yadav; dev@cloudstack.apache.org
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Rohit,
I was trying to configure ACS with ADFS using saml plugin.
I find the not-yet-commons-ssl.jar in the opensaml-2.6.4 dependency of
plugins/user-authentication/saml2/pom.xml
The dependency tree of not-yet-commons-ssl is as follows-
opensaml-2.6.4 > openws-1.5.4 > xmltooling-1.4.4 > not-yet-commons-ssl-0.3.9
May I know which version of opensaml are you using?
Thanks,
Harika.
From: Rohit Yadav <rohit.ya...@shapeblue.com>
Date: Tuesday, 28 November 2017 at 6:56 PM
To: Harika Punna <harika.pu...@accelerite.com>, "dev@cloudstack.apache.org"
<dev@cloudstack.apache.org>
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Harika,
Can you share what exactly are you doing, perhaps you can submit a PR and
ask for review?
I did not find any usage of a KeyStoreBuilder class in current master, nor
we've a not-yet-commons-ssl dependency in current codebase.
Regard.
rohit.ya...@shapeblue.com
www.shapeblue.com
@shapeblue
________________________________
From: Harika Punna <harika.pu...@accelerite.com>
Sent: Tuesday, November 28, 2017 2:13:33 PM
To: dev@cloudstack.apache.org; Rohit Yadav
Subject: Re: Issue with Opensaml and Self-Signed Certificates
Hi Rohit,
Could you please help me on this?
-Harika.
On 27/11/17, 4:26 PM, "Harika Punna" <harika.pu...@accelerite.com> wrote:
Hi,
When I use Opensaml on 4.10 with the self-signed certificates I get the
following error, though the configuration for the opensaml and ssl is proper.
It works fine if I debug and supply the password of the keystore in
KeyStoreBuilder class, which is in not-yet-commons-ssl.jar.
Has anyone faced this issue, I tried with different versions of
opensaml but nothing worked. Found similar issue on SO at [1], but none of them
helped.
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at
sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at
org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
at
org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at
sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at
org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:450)
at
org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:416)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
java.security.KeyStoreException: failed to extract any certificates or
private keys - maybe bad password?
at
org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:436)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:207)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:160)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:165)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:170)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:83)
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Exception in thread "Timer-4" java.lang.ExceptionInInitializerError
at
org.opensaml.xml.security.x509.X509Util.decodeCertificate(X509Util.java:359)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificate(KeyInfoHelper.java:201)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:176)
at
org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(KeyInfoHelper.java:150)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.addIdpToMap(SAML2AuthManagerImpl.java:293)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.discoverAndAddIdp(SAML2AuthManagerImpl.java:323)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl.access$200(SAML2AuthManagerImpl.java:92)
at
org.apache.cloudstack.saml.SAML2AuthManagerImpl$MetadataRefreshTask.run(SAML2AuthManagerImpl.java:349)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: java.lang.NullPointerException
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:127)
at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:118)
at org.apache.commons.ssl.TrustMaterial.<clinit>(TrustMaterial.java:108)
... 10 more
[1]
https://stackoverflow.com/questions/27792138/spring-saml-sample-application-returns-could-not-initialize-class-org-apache-com
Thanks,
Harika.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which
is the property of Accelerite, a Persistent Systems business. It is intended
only for the use of the individual or entity to which it is addressed. If you
are not the intended recipient, you are not authorized to read, retain, copy,
print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message.
Accelerite, a Persistent Systems business does not accept any liability for
virus infected mails.
rohit.ya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
