我的机器中只安装了一个JDK,代码指向同一个JDK。我在两个文件夹中安装了无限强度加密库(C:\ Program Files \ Java \ jdk1.6.0_25 \ jre \ lib \ security和C:\ Program Files \ Java \ jre6 \ lib \ security)。
即使在添加上述无限强度库之后,我仍然会遇到相同的异常。这是继续其他票证link
例外:
Caused by: java.security.InvalidKeyException: Key is too long for unwrapping
at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..)
at javax.crypto.Cipher.unwrap(DashoA13*..)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 46 more
41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content
SAML加密断言
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_b789fe1577b7a52846f0de3a53504b54" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_a55df022fc577a2523dea6dde1bb2d78" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE= </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>CPKpuy59EbLdJxoWtOEXlVG7nJkn2B4wk7seQ0VVK4+DbMZWqW9F+GLPtqQPMbVS99nPON9YCiNbpLpUlqE8JvZOQ2tyf5H5d7+kAF/QqaTPJjYC9SzI6dbLkB6O+EJZY6981iUkJtuUvs+B0649BwnKf9ByNoHePEKZeN6Ws9YNB15xrc5aTGqLVzW/bUTgOGPpZDPyeHYoqWRhDg6/2uYfvglMnN5t/mlGzLxsGJbF8WMdfIf2tYbGoDUfs5SgXtsvZPEm81WEenPJz/iE4PR0ih//in/h9+RmpfEfLw3A==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>5MRv+ee2XjfYNJeLOiuBi+quq9Vz7fE60JRzvXODQ9w4Y/czcWM/vYVoyX8/+n/27UIw4IyP0+en7H8ylOpJwNJC62Ur4GM3pAWde6Q9t4ZrjCu0yN3oX9v+0TVCJ8NKBGoyoIIbW5WljQob2NArvJc6z53gKzNYwYdYwMz7pcdJ0d0qpb11cphpNzWOONmmV6OZxnUOrGVceY+KvIOqHWmkvhPLW0d5J2C2nua/EWIq7+MWCAIHBnCGacTF+gaz6zO10lSHpFIm6dXfhIivSf9ZYye+I3dDOIMDeFN2UtXCRpG1OjGc4QqZ3HiDQ1ownjNE6L6HRQYgyarLc4Jrb3ftXzPl6Q47/T4QYgeM+tuk7nTJV5sCDji4WzZ7fG5syAXOCI49GdAhlTpanqBE3pzl8eRaLQEfrgMtQngvJDk03DcgGYjtdsflZZpHVqo++uHmOjjB/vC7hBwpOZEARA8m0o+EmHVU2QRUjWEFMmu1flKr+tl1+AMcnAR8prNGjEYttwBJ06G/1Ad25xqE8N0NMFabJGgOn/MP3T0+ZvzuzFXR+m3peKvlwdlsRTBBQeUpmEFcBN6Ls1UlP576VN1XYWPYblZ3qjqO2Qkfrxx79TaN69X8gkcJ/WJ3Wzj3UTToSgd7oXF2kOMdKwg66aijs5ToqZQOJCCazS9YyZrIV8/TvVQSd5S01H660BsZMvJvKUM0GNWqD7QHjDrU0GLAYKQDE+QouMJkf1E1STXq8rkgD9A8o9bNaWZoM2TQnJ7AmOXw1Nms9+Old3HRhnXurC2+MgiRFy70iA50F/OtiWE08aQYGiHeGDyVEXGvrroVWmPYBKvEjycVGkVADe0ICVD41wZEw7F/FmaBkx/wHKYXu9DoN3SFdMSo7fouFBZMCqMNY2Sodo70ALad/uC72AVx20urKXIoXpPlzzXYtWYm9nG7pLHWnrPMxbDZPcJPLGBzOeqmqcbPU/MQ765soVHQ6TR3sZe5Go5Smaauump4PAP1bLeewh1RKKDN5jKjD01R9Wzl34ithvgToi5pUpSNBTsbFpdN4fsg1c78yxXC3qr051/VngWK4SdxqDjdvAMWMSNvIOOsKBYqHN0sabQD/zD0XclH2MarDe3udBULr+eCrU5qkGXClg+e7fvpAYV6yUXCnrn5Uq1WrpUMWffyzWwJnlgiWtIlCy8wV/YDXFQ0QR3hET02H4JiHRKABrHTx9/MTQJPqHdv7eNxmTQj8bEjZcTygMxec5RQLr06/ontMtktgZCjQopBs5Sg10N0Rc0foMxo42X2ceCdkxHGMTndMEEBsJEfTLSLX86InW2S+omXZkiUrmdQsgUzF04waiuYyYPufkgaFdH1n7lTGjpH6nZsbKYILQJemEdfSFqHoCIZqtVrLdiTP+b1doZjKGZ/Dha7syL3ctvrj1ingjpjYYXEfEQIod6+fr7DP/fN5GF/qYWoYDXW+tBDMatcEBy7v52f8vcKrnl6j3qqD9MoejOarS/LABdqVq7r0X8R3ApbDrK/UQFijAEgZi467CMk4pLjpsVTljehGEcyo55cRpyz6G7Nak1c35pNK4vFtC3QeIgjWs4JwCRWo8QFIBUqe5yiNlRhnh7uZ9fx9UNSeJ4zle0Ixtby/Az2TUJoBsbIN+Gj9eeQIhAIR7st6fLboRptE6zX/ZDWzii2z99rWLts5F0aatQsbToD7QQgDGKJIybt5bAKQh8cWQ2DaCDPKhxHCYlHn4p5xPHjU0MaXhpwcbWZlPJJed2ZrFY0klUoYSdse3vw0BmFv0xm3Z4IfGQ3M5ZbKpUEbGKugqgD9PSviQdRtj9tIQVylA+MVOimxnTcmr2j5k8RfEA1hN7I5oo5M/kmXttebED36mzpHaW7opGY7fgjLMdR3aebMX5eBI2TmtvAYbFM3ZLjHgFEtikl8ETzRwWZQAq/1wpYHyIJSf1KAZXnauo72allx+QhoYOSZ1W1dt2Y9ldr5DC9o+8BPrxWMUOtP1EE4J0d3lZ6Dxj0a1ae8NNpSOy1ARu78GE2uU0RKmUYo45VsxEJN91gNe53zVrlpjNPx2vlGDJi5YtFk3I/wXNHpz/rxml9mMjcy7gEC+KLX36LO0BuL1+lM1S2nWCEl1XYUQHKGX5pnBuFr5F9thZRmXFKcQbdA1o5tX1Pn6R4ffI27uxQSS5VHCcLl02EMDpafReouXDK6lk8k0GlUJHJPEqku0x3v1ijIuQpWb2tZ/LFgTD36WRhjK+Q1kxs0JyrpHSX+SRwEVbMZ6EDur6ijQBimvTMHkZo1jzfyfPqBJW41R5QomWxk5RPyfnY5Ew4+qgVRIb4bx+Oe9T9Z9DmlqEoBn/jb9GNDY3RnLxKpHD9k/0XEV71kzXye8LumiBFKsH7PIBBeNmt3QmvBPkTIf52s7giivaE77jw/I/lVdvay8BewHYALZnxtda+VcoVKVML+NAosdhLSFjbQY8I6vFK8YzcYRRw+fejPBOoSgE2OXnGQyD8VfHTSPUVKLqG91Ekn77D1rG5TUfHGY2RKAEqsxHeFIt4akXf1nSmItaRcMLGZbTN+PMVA7IlHCekgAoRhlCcemgFEQEc5zP5+mWuunLQM9qbw3U5aHiyuigdUqpZqYe/9Se6MIN1VHcR2Wrayz8Ut1j4sZKVYTgNpvfYaU63+HXYqSzKDLiBKm0dCmDTUwrUY3IGhX27jDUZj9BaNV3vCNZqXawDZky7ZAugRM5Be6lSOBaCDf2cgJPcL1E30FoCqER8Oi22ScXSFurzWf3rwC5V9nC++B163qQTZqKb5eurGYxPuo6CFps481DdxNfhpYAkHC4akoXpnJevuIXNF95EiZBIzzQ4KGZTgdVH97UrBNA9gmcJBu8jGSXl5bFRYPqIx9bpC8bHtMrU586TTl8sQbP95X76ZKcKb9YRaKsr3MMkxD4L45KJ+vqsYnLYBOUMj2dbp8c//rsSHP2WfWC+s/K58hLab7TqH/LE8vaJeg3PC8CMPbv1r2onUlWfG8fs7a5FRX67I5vbXrKn2ZYjGFrLLx8wWPhs1mQPqDzHn+CnOYqApW0ZhSFyAi7yEkyt+7AKS+0L0W2mYiEqq+iLuw6Vp3JuQ23Gx+jCbtBUq+VY7z7uGIrl+hmfYPRBj2HcTud0kfScOT6I4rmHxBvoCc5vHm+5cOzgzR6fpbN+PZzT3G2D35dSzAeDlrLaxSXiTDUAivR7i6ufxv7ma+IitCVxImbqSW0zI/RJrA6VcvOWG9CNq2jV65/mc4qmGcreihUeqHgpa9wcVrsGndA0C5EIS7F5LxOjZyrOCmyXG8MukF1KavD+y4RUKu8HMbPP1DO/10ZRmXARJKTdfG3npjnpy4QZc72tsfoY1XBZkceclVuNpQJrWfX3WPg5x9iEUSoRVg+hgGuQ2UQYeOVOvXgyMysz34du6HdDCl9n4gL3h57fkakZ1lIIVvrl6ZVGkfZEjp8vy2RY6cSNOIPUasDPoMuzsLG5yuw6yAPd7Xs3X15ezpncAk3fMphTFZ0WeL7sW66QVjvSMZa94DoeiqLjzFbr9upglWVOv8DA2hfkbpaLGVF8foAcLtvDsWFjpy5FoJrvZYEHOSLcY4KLU0YC7UFP/DkyxM9aBSa8A3NgONUvEm2jP02YhsCv1V1o/WJvQyJ9KZQUO+BrEA6h4MHZ+kWed8RoJ7NNIwIXQIYKtXC3c2UjpKBpWkRKhSukxOYfRvNonhV/LPT8xQuzBuoiybLCy5vfX/d8U24/it8vPZmnyoITWs5ask+K1ahOgChe2WFs0xuPmEXIAuu3FOsfEsFO8rqPe2pfUMCzU3ysN8lbznPWbN97RUOr8zXs4bmNbUB1nHiA0toP9VO/4h+XrZOF48c5mSYJ7+dATrHVOn3kOgD4cE7Z9qkJ86NzT5gLrpdjSTrHcJuOTwO/o7n9VLtohHMndAxlHuRHtF5g+pOXV2sMczfnPEpJydl1ehGWBoXXsccpeva6vRMiJH/vjECaY6Dou4UvF7yP7zc8X1k+F78LDfHkSnx6BBbdYmA47VhKDget+6xq3wcrWipnzZ5zQgbPD4FLU6ZWPotuQGIUE03SQ8LYmzvqXLPV48HGQKzjL3uJ6cpfYkw51VF4tQ9jDetTuYiwgQt8Qd3xycL8WmylgDR8fld9UQehfUZYx8hyVLLykBrsu0Z/c6il5QIqVORNk98bJiAvNGnQm8eL1yOBPtwa3mCHbiJ01HuhhSbc+pcWhSgJ1REwbWqerUGFuv4x/V4dJOLldXdCzFKjDIQO2Cc57le5WFjljeh8zPV40RIR4Y0JKPtTW70n3DRVH0JcxEk6cpjy/oF+oE1DaZYUODbwpXmQX4h80RkNrVumixEdaEerRrQ9Go80lNU/kXQ8oV86w86Xu0Ov9lLLuSwVVoB5nS3Py4cCGHfUTtLcZL/uNt9VGEIoM3UVOF7rdMZEbHpXh7HlQ2LFztZ1Z15xNQjIV/adpquS6HSduCXVo8VlRQIa3lXDB2w7/+tkCyBHrwFn2ZTLzxFLv9jTwJjg9sXWxs6zLg52zU9cYiRvPE/yCawOeE6wbihRPgjw7cnbmtZ/R95i13DRcxxWLWgpw4Y0xqNlHP830p/w/GivsPJ5QQ8nULbfKRjTBu8i6wFRuy/pfpZ3wkCUOk5iFtHqBZV/AaRZXIpw0MYbvmtbZwcIet6TOE/7xFnycwhh06sxMtpvAaEKghamCdLsiPnXnSJGGqAW1qd6u54TTrIdQdVzQ6TRLIfTOVcEe051971V41xZQQg8ROMhZCOn3di/FDHeYcTExzEAi04pQ9BmE6wGQHUkExDpxp4gveQLRKMTW3CQdE7kwFB6qAU2XOy+2n4CkHj8K8zVtnMWUHRuXYNGR9whN8lEyQgEAY0evcD0xlSjeEA7KcexkDWyYtWWRbYsPEQHmOj97926scdd+6HP3voPJeS6XAwnPbhNO9N3L77kLPmwo05W2dyfg9zdL1INblETfksDuCQ/P2RWU1BaLH9h18oi23g8n05K4XPdycle2UQcYf156AKBVVkhG++4TTD/xWqoHzffb8XtARGC7cdZphiSE58d/UfkrAqek7+Sd6Dqgu2JXlxR159xlULb92KLnKHMIPGJG9mYIzlk/H4BRSj/hAoIxPDMXfcM8r96iC/AKKaQmGx+FZ4HDj9O0xiBNlOBIorPrGhL+6WwSZW4LCQ3GOvxYOwYPd4gecThadR5+h7EF99O75X+HHyTLdzUveHOe5F9vKW9TYFRMtwA4lj7WTKFpEJf7FOeV3zG+U4juingOHxqK1RgqGDMnHaHLgKzm17iauw2deA1GL/bLiB5PR1BzPMJtgoOdBYHhv0fBioxrskwF6r6E+9rQ1jC35YIKNfPUehM6IVgobSqMFC47Q9+0j7NXlt6XYQ9Ys9gWr9g9G23WLzCKO97mTGmGXP2IOtfTfQx9NYGuYj1vtlcC+PY3KF9WVhxq1mtdx2e60obnzF5jqMx1GnZFyTM79AbJwpGCfMBbOkWopr3YynLdTBpm72kmg6biXWbb5KFckSSGKWqkHWn4LgwCoWjXr8TwcoMhLNpNlirXWZYyxFwR/n0MvT7Du44Rak+eNw+f7uATRInHoOp9gMukfzYoiMPcEeadlq+3cEYg/EGmiIbASEx/A3guJPI1Zh9mlXeDXr1W5UqyIAsMjwGoktd5LKJK56RNFCZeyOLurvd5/lHofxsM+7sxhkgBjng6+221BxsXDsjNe7b7xymRqGZmxnIBYl2DqDJx+gA+y51kfJvoz6z22hcfPEL6V7LOPu3V0JC04TbdnV71YVAbnmU2qWY8+YFoBYUX18R2qC8GESzXL01/CDM6owVFxJ6nKObZ/dwt93s2EYoMMquW2nc1cfqd6t1LvOzoPAo2FftTerCZmYOx4nAf6mEDsbarURsspmmGiN9WToPR5ee9YVOhpO7YZP7Wj11ZbfiFrsCEUPLqlS0FHz8oDgRGp8KEnFd6+H+saeMWSSZ8yJ/Klwaz1ATrIVAd2Bb0Hd3vq4ExaJ+RCfB+BfIJr+OwGJPOB5nNmcv/WQkZWKPnWOeMBoBvg8NMpsUDiglTCNy/kHKe7Ln9hHVdjH/ID0E4K7bDh5KG2GJcNP1P4Vb33Ed8db9vGy1lDRKZvtkABxjEsia2mpLAWcg4fMkS41QBzGffFf9qtljLUKoGa1EKJCl8+BclJp6JAe97dTNNg9LXfHsxQFSM7z9TsBD7Vmrjwv0QbQaEd/TdWntavFEeC1y7PLuJYg2fsYOkpRXXUW/YV9EDKgE5nQtRXywTEcyrKLQGlhecaGnRlUkKG0g7ORCb/vABeJRItazaXi2LVacRKMrzDHPWzElmok+dkPg6gDg8KTMOQiWZhLAXdMbc1M2iBjBl5uKsHBDFX86orZlRELSaXEbGKBUi2k8lnBW3WpLKdgY2+TUpDd+OxUK7v1zhOYw1zZtDdIgje84vJ2wQGHpNu7UNE2KcLKi7uG/0TKS9lkkGr9W1DHqvZ9irQmJ403ld+r5lrnSUbq6Yv+xYdi/aLsm+lagyt4XW6vaez7bGSaK3ESPBgmK47OiEUPHQbRlILCydalaWoZyU2fzI87ZAJ36fpRPWtBwe2tqJ4AE+koz3PBulsGlU7KUsR2ndGuzPc0gK1DSL5n+BW0Fs=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
任何人都可以研究我面临的这个问题并提供解决方案吗?
答案 0 :(得分:3)
您最有可能尝试使用错误的密钥解密加密的内容。换句话说,IDP可能使用公钥加密数据,该公钥与SP中的私钥不对应。您可以在public key cryptography wikipedia article。
中找到有关这些概念的详细信息为服务提供商实例(= Spring SAML安装)生成私钥+公钥+证书后,必须将生成的公钥提供给您的IDP。这通常通过创建描述您的SP的元数据文档(默认情况下自动生成,从scheme://host:port/appcontext/saml/metadata下载,例如http://localhost:8080/spring_saml/saml/metadata)并将其提供给IDP来完成。元数据文档包含带有SP公钥的X509证书,并由IDP用于加密发送到SP的数据。
答案 1 :(得分:0)
@vschafer 如果以下步骤正确,请您验证并告诉我吗?
一个。使用IDP共享的crt文件验证其元数据XML的IDP 509证书的公钥
keytool -importcert -alias adfssigningIDP -keystore samlKeystore.jks -file IDP-metadata-signer-2012.crt ( samplePrivateKeyPass 作为密钥库密码提供)
湾我们使用IDP注册的SP 509证书的公钥
keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file SP-Metadata.crt
℃。 SP的私钥与RSA作为签名算法
keytool -genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore C:\ Users \ user \ Desktop \ samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA
(从服务提供商注册的IDP网站检索SP-Metadata.crt。)
使用主管理器配置导入创建的JKS文件
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="samplePrivateKeyPass"/>
<constructor-arg>
<map>
<entry key="privatekeyalias" value="samplePrivateKeyPass"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="privatekeyalias"/>
</bean>
SP METADATA CONFIGURATION
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true"/>
<property name="securityProfile" value="metaiop"/>
<property name="sslSecurityProfile" value="pkix"/>
<property name="sslHostnameVerification" value="default"/>
<property name="signMetadata" value="true"/>
<property name="signingKey" value="privatekeyalias"/>
<property name="encryptionKey" value="privatekeyalias"/>
<property name="requireArtifactResolveSigned" value="false"/>
<property name="requireLogoutRequestSigned" value="false"/>
<property name="requireLogoutResponseSigned" value="false"/>
<property name="idpDiscoveryEnabled" value="true"/>
<property name="idpDiscoveryURL" value="http://localhost:8080/app/saml/discovery"/>
<property name="idpDiscoveryResponseURL" value="http://localhost:8080/app/saml/login?disco=true"/>
</bean>
除了上述步骤之外,我甚至还为JRE7安装了无限强度加密技术。
尽管如此,我仍然收到以下异常
org.apache.xml.security.encryption.XMLEncryptionException: Unwrapping failed
Original Exception was java.security.InvalidKeyException: Unwrapping failed
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:199)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.mobile.device.DeviceResolverRequestFilter.doFilterInternal(DeviceResolverRequestFilter.java:60)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Unwrapping failed
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:431)
at javax.crypto.Cipher.unwrap(Cipher.java:2466)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 46 more
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadOAEP(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:427)