SimpleSAML_Error_Exception:supplied key param cannot be coerced into a private key

ap03...@gmail.com

Jun 7, 2016, 5:31:43 AM
to SimpleSAMLphp
I got a strange problem. SimpleSAML_Error_Exception: Error 2 - openssl_sign(): supplied key param cannot be coerced into a private key.
I don't know why it happens.
Can anybody help me?

The error log is here:

Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] SimpleSAML_Error_Exception: Error 2 - openssl_sign(): supplied key param cannot be coerced into a private key
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] Backtrace:
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 21 D:\Apache24\simplesamlphp\www\_include.php:75 (SimpleSAML_error_handler)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 20 [builtin] (openssl_sign)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 19 D:\Apache24\simplesamlphp\vendor\robrichards\xmlseclibs\src\XMLSecurityKey.php:384 (XMLSecurityKey::signOpenSSL)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 18 D:\Apache24\simplesamlphp\vendor\robrichards\xmlseclibs\src\XMLSecurityKey.php:423 (XMLSecurityKey::signData)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 17 D:\Apache24\simplesamlphp\vendor\robrichards\xmlseclibs\src\XMLSecurityDSig.php:665 (XMLSecurityDSig::signData)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 16 D:\Apache24\simplesamlphp\vendor\robrichards\xmlseclibs\src\XMLSecurityDSig.php:685 (XMLSecurityDSig::sign)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 15 D:\Apache24\simplesamlphp\vendor\simplesamlphp\saml2\src\SAML2\Utils.php:360 (SAML2_Utils::insertSignature)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 14 D:\Apache24\simplesamlphp\vendor\simplesamlphp\saml2\src\SAML2\Assertion.php:1268 (SAML2_Assertion::toXML)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 13 D:\Apache24\simplesamlphp\vendor\simplesamlphp\saml2\src\SAML2\Response.php:75 (SAML2_Response::toUnsignedXML)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 12 D:\Apache24\simplesamlphp\vendor\simplesamlphp\saml2\src\SAML2\Message.php:438 (SAML2_Message::toSignedXML)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 11 D:\Apache24\simplesamlphp\vendor\simplesamlphp\saml2\src\SAML2\HTTPPost.php:26 (SAML2_HTTPPost::send)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 10 D:\Apache24\simplesamlphp\modules\saml\lib\IdP\SAML2.php:78 (sspmod_saml_IdP_SAML2::sendResponse)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 9 [builtin] (call_user_func)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 8 D:\Apache24\simplesamlphp\lib\SimpleSAML\IdP.php:287 (SimpleSAML_IdP::postAuthProc)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 7 D:\Apache24\simplesamlphp\lib\SimpleSAML\IdP.php:333 (SimpleSAML_IdP::postAuth)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 6 [builtin] (call_user_func)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 5 D:\Apache24\simplesamlphp\lib\SimpleSAML\Auth\Source.php:229 (SimpleSAML_Auth_Source::loginCompleted)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 4 [builtin] (call_user_func)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 3 D:\Apache24\simplesamlphp\lib\SimpleSAML\Auth\Source.php:145 (SimpleSAML_Auth_Source::completeAuth)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 2 D:\Apache24\simplesamlphp\modules\core\lib\Auth\UserPassBase.php:266 (sspmod_core_Auth_UserPassBase::handleLogin)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 1 D:\Apache24\simplesamlphp\modules\core\www\loginuserpass.php:67 (require)
Jun 07 17:19:42 simplesamlphp ERROR [c461c95622] 0 D:\Apache24\simplesamlphp\www\module.php:127 (N/A)

Jaime Perez Crespo

Jun 7, 2016, 5:35:04 AM
to simple...@googlegroups.com
Hi,

It looks like you are trying to sign the SAML responses, but there is a problem with your crypto configuration. Did you specify a valid private key in PEM format, as described in the documentation?:

https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

张菜

Jun 7, 2016, 5:41:42 AM
to simple...@googlegroups.com
Thank you for your help.
 'privatekey'      => 'testSP-IdpKey.pfx',
 'privatekey_pass' => 'password',
 'certificate'     => 'testee.cer'
This is what I configured in saml20-idp-hosted.php. The 'testee.cer' is in PEM format, but the .pfx file isn't in PEM format. Should I encode it in PEM format?

Jaime Perez Crespo

Jun 7, 2016, 5:50:05 AM
to simple...@googlegroups.com
Hi,

On 07 Jun 2016, at 11:41 AM, 张菜 <ap03...@gmail.com> wrote:
> Thank you for your help.
> 'privatekey' => 'testSP-IdpKey.pfx','privatekey_pass' => 'password','certificate' => 'testee.cer'
> This is what I configured in saml20-idp-hosted.php. The 'testee.cer' is in PEM format, but the .pfx file isn't in PEM format. Should I encode it in PEM format?

That’s what the documentation says:

—8<—

privatekey
Name of private key file for this IdP, in PEM format. The filename is relative to the cert/-directory.

—>8—

张菜

Jun 7, 2016, 6:18:52 AM
to simple...@googlegroups.com
Thx. I tried to encode it in PEM format, but this key file needs a passphrase, and I don't know how to do it. I found some example code which can change pfx/cer to PEM format.
Here is the example code; could you tell me what to do with it? Thanks!


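// Signs $strData with the private key stored in a PKCS#12 (.pfx) file.
// Returns the signature as a hex string, false if the file is missing,
// '0' if the PKCS#12 file cannot be read, or '' if signing fails.
function signfrompfx($strData, $filePath, $keyPass)
{
    if (!file_exists($filePath)) {
        return false;
    }

    $pkcs12 = file_get_contents($filePath);

    // Unpack the bundle; $certs['pkey'] and $certs['cert'] are PEM strings.
    if (openssl_pkcs12_read($pkcs12, $certs, $keyPass)) {
        $privateKey = $certs['pkey'];
        $publicKey = $certs['cert']; // not used below
        $signedMsg = "";

        if (openssl_sign($strData, $signedMsg, $privateKey)) {
            $signedMsg = bin2hex($signedMsg); // can use base64_encode also
            return $signedMsg;
        } else {
            return '';
        }
    } else {
        return '0';
    }
}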

Jaime Perez Crespo

Jun 7, 2016, 6:21:58 AM
to simple...@googlegroups.com
That code is, apparently, trying to sign some data with a PKCS#12 encoded private key. A simple search in Google will tell you how to convert from PKCS#12 to PEM:

http://stackoverflow.com/questions/15413646/converting-pfx-to-pem-using-openssl

On 07 Jun 2016, at 12:18 PM, 张菜 <ap03...@gmail.com> wrote:
> Thx. I tried to encode it in PEM format, but this key file needs a passphrase, and I don't know how to do it. I found some example code which can change pfx/cer to PEM format.
> Here is the example code; could you tell me what to do with it? Thanks!
>
> function signfrompfx($strData,$filePath,$keyPass)
> {
>     if(!file_exists($filePath)) {
>         return false;
>     }
>
>     $pkcs12 = file_get_contents($filePath);
>
>     if (openssl_pkcs12_read($pkcs12, $certs, $keyPass)) {
>         $privateKey = $certs['pkey'];
>         $publicKey = $certs['cert'];
>         $signedMsg = "";
>
>         if (openssl_sign($strData, $signedMsg, $privateKey)) {
>             $signedMsg=bin2hex($signedMsg); //can use base64_encode also
>             return $signedMsg;
>         } else {
>             return '';
>         }
>     } else {
>         return '0';
>     }
> }
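
Added example, not part of the original thread or of SimpleSAMLphp: the PKCS#12 to PEM conversion discussed above, done with the openssl command line, followed by a check that the extracted key and certificate belong together. The function names, file names, passphrase and the throwaway self-signed certificate are all constructed for illustration.

```shell
#!/bin/sh
# Added example: split a PKCS#12 (.pfx) bundle into the PEM key and PEM
# certificate that the 'privatekey' and 'certificate' options expect.
# Function names, file names and the passphrase are constructed test values.

# make_demo_pfx DIR PASS: build a throwaway self-signed key/cert as DIR/idp.pfx.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=idp.example.org" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null || return 1
    PFX_PASS=$2 openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout env:PFX_PASS -out "$1/idp.pfx"
}

# pfx_to_pem PFX PASS KEY_OUT CERT_OUT
# The key stays passphrase-protected (to pair with 'privatekey_pass'), and the
# passphrase travels in the environment rather than on the command line.
pfx_to_pem() {
    ( umask 077   # key file must not be group/world readable
      PFX_PASS=$2 openssl pkcs12 -in "$1" -nocerts \
          -passin env:PFX_PASS -passout env:PFX_PASS -out "$3" ) || return 1
    PFX_PASS=$2 openssl pkcs12 -in "$1" -nokeys -clcerts \
        -passin env:PFX_PASS -out "$4"
}

# key_matches_cert KEY PASS CERT: succeeds when both carry the same public key.
key_matches_cert() {
    k=$(PFX_PASS=$2 openssl pkey -in "$1" -passin env:PFX_PASS -pubout) || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# Demo on constructed input.
tmp=$(mktemp -d)
make_demo_pfx "$tmp" "example-pass" &&
pfx_to_pem "$tmp/idp.pfx" "example-pass" "$tmp/idp.key.pem" "$tmp/idp.crt.pem" &&
key_matches_cert "$tmp/idp.key.pem" "example-pass" "$tmp/idp.crt.pem" &&
echo "PEM key and certificate written and matching"
rm -rf "$tmp"
```

With the two output files placed in the cert/ directory, 'privatekey' and 'certificate' in saml20-idp-hosted.php point at them and 'privatekey_pass' keeps the same passphrase.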

张菜

Jun 7, 2016, 10:29:19 PM
to simple...@googlegroups.com
Thanks for your help! I have resolved this error. Thanks!
