We are trying to setup SAML on AEM 5.6.1 for one of our client. We are facing an issue while using the private key. We have generated the private key using OpenSSO using the below commands.
openssl genrsa -out SP-server.pem 2048
openssl rsa -in SP-server.pem -pubout > SP-public-server.pem
openssl req -new -key SP-server.pem -out SP-server.csr
openssl x509 -req -days 365 -in SP-server.csr -signkey SP-server.pem -out SP-server.crt
openssl pkcs8 -topk8 -inform PEM -outform DER -in SP-server.pem -nocrypt > SP-server.PKCS8.key
I have uploaded the key using CURL .But when I access the path set to the SAML auth I am getting the below error.
CURL:
C:\curl -u admin:admin -F priv
ate=\<sp.pem -F private@TypeHint=Binary http://localhost:4502
/etc/key/saml
testing/test1.html HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials 26.02.2015 14:14:35.455 *INFO* [74.202.85.210 [1424978075454] GET /content/test/en_US/saml-testing/test1.html HTTP/1.1] servletengine Servlet threw exception: java.lang.RuntimeException: Error reading private key at com.adobe.granite.auth.saml.impl.SlingKeyProvider.getDecryptionKey(SlingKeyProvider.java:123) at com.adobe.granite.auth.saml.configuration.SpConfiguration.getDecryptionKey(SpConfiguration.java:79) at com.adobe.granite.auth.saml.SamlAuthenticationHandler.requestCredentials(SamlAuthenticationHandler.java:367) at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doRequestCredentials(AuthenticationHandlerHolder.java:83) at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.requestCredentials(AbstractAuthenticationHandlerHolder.java:83) at org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:527) at org.apache.sling.auth.core.impl.SlingAuthenticator.doLogin(SlingAuthenticator.java:1032) at org.apache.sling.auth.core.impl.SlingAuthenticator.getAnonymousResolver(SlingAuthenticator.java:872) at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:478) at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:438) at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:148) at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:272) at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:91) at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:79) at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:42) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:49) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:127) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:55) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:263) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.wink.osgi.JaxRsFilter.doFilter(JaxRsFilter.java:80) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:179) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:78) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:75) at org.apache.felix.http.base.internal.handler.FilterHandler.doHandle(FilterHandler.java:88) at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:76) at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:47) at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:33) at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:48) at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:39) at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.day.j2ee.servletengine.ServletRuntimeEnvironment.service(ServletRuntimeEnvironment.java:250) at com.day.j2ee.servletengine.RequestDispatcherImpl.doFilter(RequestDispatcherImpl.java:321) at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:340) at com.day.j2ee.servletengine.RequestDispatcherImpl.service(RequestDispatcherImpl.java:383) at com.day.j2ee.servletengine.ServletHandlerImpl.process(ServletHandlerImpl.java:335) at com.day.j2ee.servletengine.HttpListener$Worker.run(HttpListener.java:644) at java.lang.Thread.run(Thread.java:745) Caused by: java.security.spec.InvalidKeySpecException: Invalid RSA private key encoding. at com.rsa.cryptoj.o.n.b(Unknown Source) at com.rsa.cryptoj.o.n.engineGeneratePrivate(Unknown Source) at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) at com.adobe.granite.auth.saml.impl.SlingKeyProvider.getDecryptionKey(SlingKeyProvider.java:115) ... 60 more
Please let me know if I am missing anything or this is a bug.
