SOLVED

SAML com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised system trust store.

Employee

Hi,

While configuring the AEM 6.1 SAML package I am receiving an error once I get back to /saml_login consumption

com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised system trust store.

As I see, there are some additional fields added to SAML configuration in AEM 6.1 compared to 5.6.

Can anyone please share what needs to be entered for these values and how to get the values for them, like IDP Certificate Alias, SP Private Key Alias, Password of keystore, and which of these values are mandatory?

Any input is welcome.

\Amit

1 Accepted Solution

Correct answer by
Level 10

If the documentation is not clear (it looks like that since you stated: so don't really know which certificate to add and where) and leads to mistakes - open a ticket here:

https://helpx.adobe.com/marketing-cloud/experience-manager.html

Log a bug against the docs and get official help for your use case. 

9 Replies

Employee

Logs below:

02.04.2015 08:39:13.455 *WARN* [qtp1468301140-375] com.adobe.granite.auth.saml.SamlAuthenticationHandler Could not retrieve SP's private key: Uninitialised key store for user authentication-service

02.04.2015 08:39:13.455 *WARN* [qtp1468301140-375] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Employee

Yes @smacdonald2008. I did that and I have this working on AEM 5.6 and 6 with sp1 instance earlier but this issue is specific to AEM 6.1 that I am facing. 

Employee

I followed the steps mentioned at the link below and the error changed from Uninitialised system trust store to Could not read IdP certificate from truststore

https://helpx.adobe.com/aem-forms/6/configuring-document-services.html#Enabling%20AES-256%20for%20En...

I have received a meta file from IDP containing der certificate and some other settings. so don't really know which certificate to add and where.

 

Any help ??

saml logs list here: 

02.04.2015 14:11:25.006 *ERROR* [qtp1468301140-399] com.adobe.granite.auth.saml.binding.PostBinding Unable to receive SAML message. Could not read IdP certificate from truststore.
02.04.2015 14:11:25.006 *ERROR* [qtp1468301140-399] com.adobe.granite.auth.saml.SamlAuthenticationHandler SAML response parameter was not provided or invalid.
02.04.2015 14:11:25.015 *WARN* [qtp1468301140-399] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
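
For the question above about an IdP metadata file that contains a DER certificate: the following is an added example, not part of the original thread and not Adobe's code, that pulls the signing certificate(s) out of SAML 2.0 metadata and emits each as PEM with a SHA-256 fingerprint, so the IdP certificate can be identified before it is added to a trust store. The sample metadata, its entityID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed placeholder bytes standing in for the DER certificate (not a real one).
PLACEHOLDER_DER = b"constructed placeholder, not a real DER certificate"
_B64 = base64.b64encode(PLACEHOLDER_DER).decode()

# Constructed sample metadata; the entityID is hypothetical.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64[:20]}
        {_B64[20:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(der: bytes) -> str:
    # Compare this value with the fingerprint the IdP operator publishes.
    return hashlib.sha256(der).hexdigest()

def to_pem(der: bytes) -> str:
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def idp_signing_certs(metadata_xml: str) -> list:
    """Return the DER bytes of every IdP key usable for signature verification."""
    # Metadata should arrive from the IdP operator over a trusted channel;
    # for untrusted XML, parse with defusedxml instead of the stdlib parser.
    root = ET.fromstring(metadata_xml)
    certs = []
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
            # A KeyDescriptor without "use" applies to signing and encryption.
            if kd.get("use", "signing") == "signing":
                for node in kd.iter(f"{{{DS}}}X509Certificate"):
                    certs.append(base64.b64decode("".join((node.text or "").split())))
    return certs

if __name__ == "__main__":
    for der in idp_signing_certs(SAMPLE_METADATA):
        print(fingerprint(der), to_pem(der), sep="\n")
```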

Level 3

Just curious if this was resolved...?  I am facing the same issue.

Level 10
Have you followed this online article: http://adobeaemclub.com/setting-saml-authentication/ ? We are going to look into setting up Ask the experts on this use case. Too many questions.

Employee

Please follow the tutorial below to set the additional configuration for 6.1:

http://www.aemstuff.com/blogs/july/saml.html

After making these changes this should work.

Level 3

Yes, I'm aware of the articles suggested and have followed their steps. To be more accurate, we had SAML set up and working by following these instructions. But, at some point (I'm not sure when/why) it has broken and now we just receive the uninitialised system trust store error. It's not entirely clear to me what the error means; I have created the trust store and can still view it. How does it become initialized? Does it ever need to be "re-initialized", for instance after a system change, hot fix install, etc.? Also, I thought I would try removing and re-creating the trust store but I cannot figure out how to remove it. Is there a way?