Failed to decrypt symmetric key: Key is missing data to perform the decryption
2,007 views
Skip to first unread message
Jon
Aug 22, 2012, 6:32:25 PM8/22/12
to simple...@googlegroups.com
Hi,
I am using SSP as an SP to authenticate with Shibboleth IdPs. When
attempting to test with one SAML2 IdP I consistently get the error below
in my SSP log. I am not sure how to debug or proceed with this error.
Any idea on how I can resolve this issue to continue the authentication
process?
There are additional backtraces and errors as well, but this is the
first one. If more detailed logs are hep I can provide them.
Thanks for any help.
---
Received SAML2 Response from '...'.
Has 1 candidate keys for validation.
Validation with key #0 failed without exception.
Failed to decrypt symmetric key: Key is missing data to perform the decryption
SimpleSAML_Error_Exception: Error 2 - openssl_pkey_get_details() expects parameter 1 to be resource, boolean given
Backtrace:
9 /usr/share/php/simplesamlphp/www/_include.php:70 (SimpleSAML_error_handler)
8 [builtin] (openssl_pkey_get_details)
7 /usr/share/php/simplesamlphp/lib/SAML2/Utils.php:405 (SAML2_Utils::_decryptElement)
6 /usr/share/php/simplesamlphp/lib/SAML2/Utils.php:464 (SAML2_Utils::decryptElement)
5 /usr/share/php/simplesamlphp/lib/SAML2/EncryptedAssertion.php:88 (SAML2_EncryptedAssertion::getAssertion)
4 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:328 (sspmod_saml_Message::decryptAssertion)
3 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:527 (sspmod_saml_Message::processAssertion)
2 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:501 (sspmod_saml_Message::processResponse)
1 /usr/share/php/simplesamlphp/modules/saml/www/sp/saml2-acs.php:75 (require)
0 /usr/share/php/simplesamlphp/www/module.php:135 (N/A)
I am using SSP as an SP to authenticate with Shibboleth IdPs. When
attempting to test with one SAML2 IdP I consistently get the error below
in my SSP log. I am not sure how to debug or proceed with this error.
Any idea on how I can resolve this issue to continue the authentication
process?
There are additional backtraces and errors as well, but this is the
first one. If more detailed logs are hep I can provide them.
Thanks for any help.
---
Received SAML2 Response from '...'.
Has 1 candidate keys for validation.
Validation with key #0 failed without exception.
Failed to decrypt symmetric key: Key is missing data to perform the decryption
SimpleSAML_Error_Exception: Error 2 - openssl_pkey_get_details() expects parameter 1 to be resource, boolean given
Backtrace:
9 /usr/share/php/simplesamlphp/www/_include.php:70 (SimpleSAML_error_handler)
8 [builtin] (openssl_pkey_get_details)
7 /usr/share/php/simplesamlphp/lib/SAML2/Utils.php:405 (SAML2_Utils::_decryptElement)
6 /usr/share/php/simplesamlphp/lib/SAML2/Utils.php:464 (SAML2_Utils::decryptElement)
5 /usr/share/php/simplesamlphp/lib/SAML2/EncryptedAssertion.php:88 (SAML2_EncryptedAssertion::getAssertion)
4 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:328 (sspmod_saml_Message::decryptAssertion)
3 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:527 (sspmod_saml_Message::processAssertion)
2 /usr/share/php/simplesamlphp/modules/saml/lib/Message.php:501 (sspmod_saml_Message::processResponse)
1 /usr/share/php/simplesamlphp/modules/saml/www/sp/saml2-acs.php:75 (require)
0 /usr/share/php/simplesamlphp/www/module.php:135 (N/A)
Jon Dufresne
Aug 24, 2012, 10:25:53 AM8/24/12
to simple...@googlegroups.com
Any ideas on this? I am totally stuck connecting to the IdP. Just
curious if there is some obvious configuration I missed or some way to
debug the root cause of the error.
Thanks.
curious if there is some obvious configuration I missed or some way to
debug the root cause of the error.
Thanks.
Julien
Jan 6, 2014, 10:38:26 AM1/6/14
to simple...@googlegroups.com, j...@erezlife.com
I know this post is oldy but it could have save me hours so I write my answer other poor guy like me.
It's already answered in https://groups.google.com/d/msg/simplesamlphp/krAo-Lrs5KQ/NCM8j_iqPToJ however I didn't catch it when I read it too quickly.
I experienced this problem after an ugly cut and paste from this post https://groups.google.com/d/msg/simplesamlphp/IDQBEx2eIPs/kC4iEv_lBQsJ
You have to set up the key attribute accurately by the X509 certificate value of you IdP.
Reply all
Reply to author
Forward
0 new messages