Dear Colleagues,
We are facing the following error when the user is authenticated on the IDP side and the SAML Response is sent back to AEM.
Just to clarify - AEM is installed on WebSphere 8.5.5.13 with SDK 1.8_64.
05.12.2018 11:18:41.011 *ERROR* [WebContainer : 4] com.adobe.granite.auth.saml.util.SamlReader Document is invalid: no grammar found.
05.12.2018 11:18:41.012 *ERROR* [WebContainer : 4] com.adobe.granite.auth.saml.util.SamlReader Document root element "Response", must match DOCTYPE root "null".
05.12.2018 11:18:41.022 *ERROR* [WebContainer : 4] com.adobe.granite.auth.saml.util.SamlReader Failed validating signature.
javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: No installed provider supports this key: com.rsa.cryptoj.o.eg
at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:565)
at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:254)
at com.adobe.granite.auth.saml.util.SamlReader.verifySignatures(SamlReader.java:317)
at com.adobe.granite.auth.saml.util.SamlReader.parse(SamlReader.java:236)
at com.adobe.granite.auth.saml.util.SamlReader.read(SamlReader.java:119)
at com.adobe.granite.auth.saml.binding.PostBinding.receive(PostBinding.java:97)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:738)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:441)
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:75)
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:718)
at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:466)
at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:451)
at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121)
at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421)
at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:124)
at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at org.apache.felix.http.proxy.ProxyServlet.service(ProxyServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at org.apache.sling.launchpad.base.webapp.SlingServletDelegate.service(SlingServletDelegate.java:286)
at org.apache.sling.launchpad.webapp.SlingServlet.service(SlingServlet.java:174)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1233)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:782)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:481)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1114)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:949)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.rsa.cryptoj.o.eg
at java.security.Signature$Delegate.chooseProvider(Signature.java:1141)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1174)
at java.security.Signature.initVerify(Signature.java:463)
at org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.verify(DOMSignatureMethod.java:220)
at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:562)
... 41 common frames omitted
05.12.2018 11:18:41.029 *DEBUG* [WebContainer : 4] com.adobe.granite.auth.saml.model.Assertion Invalid Assertion: Signature invalid.
Any ideas? A wrong certificate from the IDP side, or maybe it is a matter of missing Java libraries on WebSphere?
It appears to be because of missing libraries or libs not being loaded. Try the items below:
Installing and configuring AEM 6.3 forms - Boot delegate RSA and BouncyCastle libraries.
Could not initialize class com.rsa.cryptoj.o.dl error
Thanks
Wasil
Does your JVM have Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Downloa... installed?
Regards,
Peter
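Added example, not part of any reply in this thread and not Adobe or IBM code: a small diagnostic that lists the JCA providers installed in a JVM and reports, provider by provider, whether its Signature implementation accepts a given public key, which is the check that fails in the trace above. The class name, the SHA256withRSA algorithm and the generated sample key are assumptions; to be meaningful it has to run in the same JVM as AEM with the IdP certificate's public key.

```java
import java.security.*;
import java.util.*;

public class SignatureProviderCheck {
    // Assumed algorithm; use the one named in the SAML response's SignatureMethod.
    static final String ALG = "SHA256withRSA";

    /** For each installed provider that offers ALG, report whether it accepts the key. */
    static Map<String, String> probe(PublicKey key) {
        Map<String, String> result = new LinkedHashMap<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", ALG) == null) {
                continue; // this provider has no implementation of the algorithm
            }
            try {
                Signature.getInstance(ALG, p).initVerify(key);
                result.put(p.getName(), "accepts " + key.getClass().getName());
            } catch (GeneralSecurityException | RuntimeException e) {
                // InvalidKeyException here means this provider cannot use the key object
                result.put(p.getName(), "rejects: " + e);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key from the JVM's default RSA provider.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey key = gen.generateKeyPair().getPublic();

        System.out.println("Installed providers, in preference order:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName() + " - " + p.getInfo());
        }
        probe(key).forEach((name, verdict) -> System.out.println(name + " -> " + verdict));
    }
}
```

If every provider rejects the key, the key object comes from a library whose matching provider is not registered or not visible to the calling class loader.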
For those reading this who want information on 6.3 and SAML - see:
Hi,
In the case of local environment integration, everything works as expected. There is a problem in the case of AEM installed on WebSphere.