shibboleth-dev - Re: Shibboleth SP - Handling Encrypted Assertions

Subject: Shibboleth Developers

  • From: Scott Cantor <>
  • To:
  • Subject: Re: Shibboleth SP - Handling Encrypted Assertions
  • Date: Wed, 12 Mar 2008 00:01:40 -0400

Is your SP running with more than one key? The logging sequence is odd, because that exception message normally would either indicate the wrong key was used to attempt decryption, or some other error occurred (which would be logged ahead of that message).

Even if the wrong key was used, the code's not expecting that result. There are two spots where that exception message is thrown, and one of them just doesn't fit. The other one happens if the result of a decryption attempt returns an unexpected number of decrypted bytes (<0), so I may have misread the documentation (i.e. the code) in the xmlsec library for the decryption method.

But if your SP is running with one key and it matches what the IdP encrypted the symmetric key with, there's probably a crypto bug, which is unlikely to be fixable by me, at least in a Shibboleth capacity.

I don't think the problem is with the lack of the KeyInfo. That would cause other errors to show up if it literally couldn't come up with a key to try (namely "Unable to resolve any key decryption keys.").

-- Scott


