
mace-opensaml-users - RE: decrypting EncryptedAssertion in Browser Post profile use case

Subject: OpenSAML user discussion

  • From: "Singh, Manish" <>
  • To: <>
  • Subject: RE: decrypting EncryptedAssertion in Browser Post profile use case
  • Date: Tue, 26 Feb 2008 18:03:54 -0500

So in short try passing to the Decrypter constructor:
1st arg - null
2nd arg - a StaticKeyInfoCredentialResolver (with a Credential containing your decryption key pair)
3rd arg - an InlineEncryptedKeyResolver (takes no constructor arguments) 
 
Brent,
 
I modified the [Old Code] code below to the [New Code] section after it, but I still get the same error (please find it at the end of this email).
 
[Old Code]
PrivateKey privateKey = (PrivateKey)ks.getKey( "cssso", keystorePassword);
 credential = new BasicCredential();
 credential.setPrivateKey(privateKey);
 Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(credential), new EncryptedElementTypeEncryptedKeyResolver());
 
[NEW Code]
PrivateKey privateKey = (PrivateKey)ks.getKey( "cssso", keystorePassword);
credential = new BasicCredential();
credential.setPrivateKey(privateKey);
Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(credential), new InlineEncryptedKeyResolver());

I also tried setting both the public and private key in BasicCredential, but it was no use. Is BasicCredential the right class for this?
I am generating the SAML response from Ping Identity, so I am sure about having the right keys to decrypt.
BTW, I am able to verify the signature.
 
Thanks,
Manish
 
org.opensaml.xml.encryption.DecryptionException: Valid decryption key for EncryptedData could not be resolved
	org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:460)
	org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:378)
	org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:337)
	org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:166)
	org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:96)
	org.apache.jsp.saml3_jsp._jspService(saml3_jsp.java:115)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:384)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
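
Added example, not part of the original message and not OpenSAML code: a JDK-only check that reports where `EncryptedKey` sits inside an `EncryptedAssertion`, which decides whether `InlineEncryptedKeyResolver` or `EncryptedElementTypeEncryptedKeyResolver` is able to find it. The class name `EncryptedKeyPlacement` and the sample XML skeletons are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class EncryptedKeyPlacement {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";

    static boolean is(Node n, String ns, String local) {
        return n != null && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName());
    }

    // Returns which resolver named in the thread matches the EncryptedKey placement.
    static String classify(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The SAML response is untrusted input: reject DOCTYPE to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        NodeList keys = root.getElementsByTagNameNS(XENC, "EncryptedKey");
        boolean inline = false, peer = false;
        for (int i = 0; i < keys.getLength(); i++) {
            Node p = keys.item(i).getParentNode();
            // Child of EncryptedData/KeyInfo: where InlineEncryptedKeyResolver looks.
            if (is(p, DS, "KeyInfo") && is(p.getParentNode(), XENC, "EncryptedData")) inline = true;
            // Sibling of EncryptedData: where EncryptedElementTypeEncryptedKeyResolver looks.
            if (is(p, SAML, "EncryptedAssertion")) peer = true;
        }
        if (inline && peer) return "both";
        if (inline) return "InlineEncryptedKeyResolver";
        if (peer) return "EncryptedElementTypeEncryptedKeyResolver";
        return keys.getLength() == 0 ? "no EncryptedKey present" : "EncryptedKey in unexpected location";
    }

    public static void main(String[] args) throws Exception {
        // Constructed skeletons (cipher values omitted), not captured from a real IdP.
        String open = "<saml:EncryptedAssertion xmlns:saml='" + SAML + "' xmlns:xenc='" + XENC
            + "' xmlns:ds='" + DS + "'><xenc:EncryptedData>";
        String key = "<xenc:EncryptedKey/>";
        String inlineDoc = open + "<ds:KeyInfo>" + key + "</ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion>";
        String peerDoc = open + "</xenc:EncryptedData>" + key + "</saml:EncryptedAssertion>";
        System.out.println(classify(inlineDoc));
        System.out.println(classify(peerDoc));
    }
}
```

If the reported placement matches the resolver already passed to the `Decrypter`, the key lookup itself is not the problem and the credential (alias, key pair) is the next thing to check.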


