Hi,
I am working on IdP-initiated single sign-on. While trying to decrypt the
encrypted SAML assertion, I am getting the following exception:
org.apache.wss4j.common.ext.WSSecurityException: SAML token security failure
    at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.decryptAssertion(SAMLProtocolResponseValidator.java:417)
    at org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator.validateSamlResponse(SAMLProtocolResponseValidator.java:121)
    at org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest.testSignedResponse(SAMLResponseValidatorTest.java:293)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
SAML Request:
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
ID="e39bdc9e-6920-4894-9742-f56534aa870c"
InResponseTo="http://cxf.apache.org/saml"
IssueInstant="2014-07-30T00:12:08.486Z" Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://cxf.apache.org/issuer</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference
URI="#e39bdc9e-6920-4894-9742-f56534aa870c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>1/IygBB7AS3HnpfezbRDVKV9rKo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>fF42I5HivEoC435ItcmlYGOZcOGdS+EJGGwYLdm7osNVx8fpMAr7x4coH6P18xrnBG7VxShNUdRCAHfGbInBOcI3D5gyN3IRJZxgnJkJ0MKSrEDvKTm2d/YtBD34Wt8ov0TwYYmranknhutIjcTmPzqtAY2SRU4iIaS+1oh6Ans=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICGjCCAYOgAwIBAgIESVRgATANBgkqhkiG9w0BAQUFADAzMRMwEQYDVQQKEwphcGFjaGUub3Jn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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_5db2d7b21d83fd63ffcec446a2d45e9f"
Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod
Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
URI="#_fc396a1ca1321c7137314335ce6b32c3" />
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_fc396a1ca1321c7137314335ce6b32c3">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICozCCAYsCBgFHeaCnQzANBgkqhkiG9w0BAQUFADAVMRMwEQYDVQQDEwpBeHdheSBDU09TMB4X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==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>eJ7Ro0S+tyKFPfhlhzarGWJTLDVt/mE/V9ooLwlX91BM2GOfL6P+6WaHijY/oXjwKXBHQ36jM+1wIwEo5FWSQTCVaU4vsxpkyzz2XkHO1uvUHSXQo/Z6LIcBh2OfNXCET1vu+B7XHRmEQIeDg6hI3kUJTcIJ+VDtYTdtzF/OJMMLeypCIvyt1b2Z5xHVxYbaItdqQbQ/nNgJdUcYvlNj3J6ZmVxIekVHKhUVe6PWK/79v0VdPi2VBQ1b5ukkDalsH64irOjcXfeZe6N4Sxgw84gbF6X9qGHt738Fu5i3lcL0fwEz8BpRrpX1eMMIVZFKukUuocw6X8f0NwPjF7O3Sw==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
URI="#_5db2d7b21d83fd63ffcec446a2d45e9f" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedAssertion>
</saml2p:Response>
Am I missing anything?
CXF Version: 3.1.0-SNAPSHOT
Thanks
Rathnapandi
--
View this message in context:
http://cxf.547215.n5.nabble.com/SAML2-0-Encrypted-assertion-is-not-working-tp5747089.html
Sent from the cxf-dev mailing list archive at Nabble.com.
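The response posted above uses the less common layout for an encrypted assertion: the EncryptedData's KeyInfo does not embed the EncryptedKey but points at it with a ds:RetrievalMethod, and the EncryptedKey sits as a sibling of EncryptedData directly under saml2:EncryptedAssertion, carrying a ReferenceList that points back. Before attributing a "SAML token security failure" to the decryptor it is worth confirming that this reference cycle actually closes and that the ciphertext is inside the signed scope. The following is an added example, not CXF or WSS4J code and not the poster's code: a small structural checker that resolves RetrievalMethod to the EncryptedKey, checks the DataReference back-pointer, reports the algorithms, and checks that the enveloped signature over the Response ID covers the EncryptedAssertion. SAMPLE_RESPONSE is constructed from the posted response with every base64 payload replaced by the hypothetical placeholder string PLACEHOLDER; it performs no decryption or signature verification.

```python
"""Structural checks on a SAML 2.0 Response carrying an EncryptedAssertion.

Added example, not CXF/WSS4J code. It resolves the RetrievalMethod ->
EncryptedKey -> DataReference cycle and reports algorithms and signature
scope; it does not decrypt or verify anything. SAMPLE_RESPONSE is a
constructed copy of the posted response with payloads replaced by PLACEHOLDER.
"""
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="e39bdc9e-6920-4894-9742-f56534aa870c" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://cxf.apache.org/issuer</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#e39bdc9e-6920-4894-9742-f56534aa870c">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Id="_5db2d7b21d83fd63ffcec446a2d45e9f" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
            URI="#_fc396a1ca1321c7137314335ce6b32c3"/>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
    <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_fc396a1ca1321c7137314335ce6b32c3">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
      <xenc:ReferenceList><xenc:DataReference URI="#_5db2d7b21d83fd63ffcec446a2d45e9f"/></xenc:ReferenceList>
    </xenc:EncryptedKey>
  </saml2:EncryptedAssertion>
</saml2p:Response>"""


def find_by_id(root, ref):
    """Resolve a same-document '#id' reference against Id/ID attributes."""
    if not ref.startswith("#"):
        return None
    wanted = ref[1:]
    for el in root.iter():  # iter() yields root itself first
        if el.get("Id") == wanted or el.get("ID") == wanted:
            return el
    return None


def inspect_response(xml_text):
    """Report how the EncryptedKey is reachable and whether the references close."""
    root = ET.fromstring(xml_text)
    report = {"findings": []}
    enc_assertion = root.find("saml2:EncryptedAssertion", NS)
    enc_data = enc_assertion.find("xenc:EncryptedData", NS)
    report["data_id"] = enc_data.get("Id")
    report["data_algorithm"] = enc_data.find("xenc:EncryptionMethod", NS).get("Algorithm")

    # A decryptor can be handed the key three ways: an EncryptedKey inline in
    # KeyInfo, a RetrievalMethod pointing elsewhere in the document, or nothing.
    key_info = enc_data.find("ds:KeyInfo", NS)
    enc_key = key_info.find("xenc:EncryptedKey", NS) if key_info is not None else None
    if enc_key is not None:
        report["key_location"] = "inline"
    else:
        rm = key_info.find("ds:RetrievalMethod", NS) if key_info is not None else None
        if rm is None:
            report["key_location"] = "missing"
        else:
            enc_key = find_by_id(root, rm.get("URI", ""))
            report["key_location"] = "retrieval" if enc_key is not None else "dangling"
    if enc_key is None:
        report["findings"].append("no EncryptedKey reachable from EncryptedData/KeyInfo")
        return report

    report["key_id"] = enc_key.get("Id")
    report["key_algorithm"] = enc_key.find("xenc:EncryptionMethod", NS).get("Algorithm")
    # In the posted layout the EncryptedKey is a sibling of EncryptedData.
    report["key_is_sibling"] = any(child is enc_key for child in enc_assertion)
    back_refs = [d.get("URI") for d in enc_key.findall("xenc:ReferenceList/xenc:DataReference", NS)]
    report["reference_list_consistent"] = "#" + report["data_id"] in back_refs
    if not report["reference_list_consistent"]:
        report["findings"].append("EncryptedKey/ReferenceList does not point back at EncryptedData")

    # Signature scope: an enveloped signature whose Reference is the Response ID
    # covers the ciphertext, which matters because CBC has no integrity of its own.
    sig_ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    report["signature_covers_ciphertext"] = (
        sig_ref is not None and find_by_id(root, sig_ref.get("URI", "")) is root
    )
    if report["data_algorithm"].endswith("-cbc") and not report["signature_covers_ciphertext"]:
        report["findings"].append("CBC ciphertext is not under the signature; tampering undetectable")
    sig_alg = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig_alg is not None and sig_alg.get("Algorithm", "").endswith("#rsa-sha1"):
        report["findings"].append("signature uses rsa-sha1; check the validator still accepts SHA-1")
    return report


if __name__ == "__main__":
    for key, value in inspect_response(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

On the posted document the checker reports key_location "retrieval", a sibling EncryptedKey whose ReferenceList points back at the EncryptedData, and a signature Reference that resolves to the Response element, so the ciphertext is inside the signed scope. What it cannot check is the part that most often produces a generic "SAML token security failure": the service provider's configured decryption key must be the private half of the certificate carried in EncryptedKey/KeyInfo, and the validator must accept both rsa-oaep-mgf1p for key transport and aes128-cbc for the data. Those are the two settings to compare against the CXF configuration next.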