SimpleSAML_Error_Exception: Error decrypting assertion: Unable to load private key from file

[Tommy Peterson]

At first blush this seems like a simple issue. But for whatever reason it isn't. I have my cert and private key in the simplesamlphp certs/ directory. The cert is 755. The key is 700. Both are owned by root and group root which is the Apache user. The IDP's cert is in here. It is 755 and owned by root/group root as well. No one can log in because of this error.

The only reason I moved them in this simplesamlphp cert directory was because I got the same error when I used the full path to the regular linux/apache/ssl directory.

Any suggestions? Thoughts?

[Peter Schober]

* Tommy Peterson <stpe...@gmail.com> [2015-08-31 17:19]:

The above doesn't really allow to rule out file system permissions as
the issue. Are you sure PHP processes (or httpd processes with mod_php
embedded) run as root on your machine? While doing that is possible it
would be disasterous security, of course, as any PHP code/exploit
would then potentially lead to a full machine/root compromise.

If you're certain it's not permissions then maybe it's the wrong key
after all. Your second paragraph about moving some certificate from
"the regular linux/apache/ssl" seems to indicate that you're
confusing/conflating the certificate used for TLS web server with a
certificate that has the public key for protection of SAML protocol
messages.

-peter

[Tommy Peterson]

perhaps. but I guess I need more info when you say "seems to indicate that you're

confusing/conflating the certificate used for TLS web server with a
certificate that has the public key for protection of SAML protocol
messages. "

do they have to be different? and when you say "public key". . . are you meaning that literally? a literal public key? the documentation suggestions  a private key that the sp maintains and checks the encrypted message returned from the IDP.

if the two must be different is this really a simple matter of a self signed cert for an SP? Or does it have to have a authority behind it? When the docs suggest a self signed cert I just assumed that that was for testing/dev purposes.

[Nate Klingenstein]

> do they have to be different?

No, they don’t need to be different. We often recommend that it should be different because of the expiration requirements typically in commercially rooted TLS certificates.

> and when you say "public key". . . are you meaning that literally? a literal public key? the documentation suggestions a private key that the sp maintains and checks the encrypted message returned from the IDP.

Well, it’s the public key loaded by the IdP, which typically comes from the metadata provided by the SP. The SP uses the corresponding private key to decrypt it. It’s just generic asymmetric encryption.

I think that Peter was suggesting that if the public key used by the IdP for initial encryption doesn’t match the private key used for decryption, then this could hypothetically be a misleading error message.

simpleSAMLphp may load public keys in order to select private keys rather than iterating through all the private keys it has knowledge of, but I don’t know.

> if the two must be different is this really a simple matter of a self signed cert for an SP? Or does it have to have a authority behind it? When the docs suggest a self signed cert I just assumed that that was for testing/dev purposes.

I think the reason is likely to be the one stated in my first sentence, but I didn’t write it.

[Tommy Peterson]

So where does this private key come in? I used this->https://simplesamlphp.org/docs/stable/saml:sp to create the configuration in config/authresources.php for my SP? Of course I gave the IDP holder the xml download. They gave me their certificate which I pointed to in the metadata for a remotely hosted idp using this -> https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-remote

Where does this public key come from (I didn't create one) and I didn't point to one?

Of course I have created key autheentication with linux boxes before. I had to create a public key with Putty, for example, and then load it on the remote linux box. I maintained the private key on my desktop. Then I just logged in with a user ID. Key based authentication.

But while I have created several SSO's with simplesaml I have never used different certs than the server certificate and I have never created or pointed to a public key. The SSO's work. So I'm confused.

I checked with the sys admin. We are not using "root" user for apache services. I changed the ownership owner for the key/certs. But the IDP is still reporting the same key/decryption issue.

[Tommy Peterson]

Never mind. I did indeed turn out to be the apache owner was incorrect. The user and I got our updates/testing mixed up. So when he thought he tested it after I changed the ownr of the key and reported the same error he had not. So trying one last time out of desperation proved successful--it was that I used "root" as the owner instead of the actual apache user as the key file owner.

[Peter Schober]

* Tommy Peterson <stpe...@gmail.com> [2015-08-31 18:45]:

> do they have to be different?

They have no relation whatsosever (other than both using X.509):
One key pair is for TLS between web browsers and your web server, the
other is for end-to-end security (not merely securing at the transport
layer) of SAML protocol messages.
Trust in the former comes from a signature by a commercial CA who
bought their way into your OS' or browser's trust strore, trust in the
latter comes from having those (public) keys themselfs available in
pre-exchanged SAML metadata, at least per MetaIOP,
https://wiki.oasis-open.org/security/SAML2MetadataIOP
That also means using self-signed certificates for securing of SAML
messages is perfectly fine, not just for testing purposes. The SSP
documentation is complete and documents secure best practices in this
regard.
So there's no reason to re-use your TLS keys for SAML usage.
-peter