IdP Error after upgrading to version 2.4.0

Hall, Gerry gerry.hall at emory.edu
Thu Dec 26 10:37:47 EST 2013 

I am having a problem after upgrading to IdP version 2.4.0 from version 2.3.5 that I hope that someone can offer advice on.

About a month ago, I upgraded my SP's to version  2.5.2.  I tested and all seemed to be fine.  This week I started the upgrade of the IdP's from version 2.3.5 to version 2.4.0. I went thru the steps as documented on the shibboleth wiki, and again all appeared to be fine during the upgrade (no errors).  I then deployed the new 2.4.0 idp.war file.  However, I know get the following error when I try to authenticate using the new 2.4.0 IdP (this is from the idp-process.log).  Rolling back to IdP version 2.3.5, and all works as expected.

This may not be true, but it seems to be a problem related to the cipher.  Has anyone else seem this and if so, can you offer advice on how to resolve?  The IdP is running on RHEL5 (64-bit) and jboss-5.1.0.GA with  java jdk1.6.0_22.

07:44:36.480 - INFO [Shibboleth-Access:73] - 20131226T124436Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:44:55.353 - INFO [Shibboleth-Access:73] - 20131226T124455Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:44:56.013 - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occurred while processing request
java.lang.IllegalArgumentException: unknown parameter type.
at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source) ~[bcprov-jdk15-1.46.jar:1.46.0]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at org.apache.xml.security.encryption.XMLCipher.encryptKey(XMLCipher.java:1354) ~[xmlsec.jar!/:na]
at org.apache.xml.security.encryption.XMLCipher.encryptKey(XMLCipher.java:1297) ~[xmlsec.jar!/:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:346) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:287) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:263) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:358) ~[opensaml-2.6.0.jar:na]
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258) ~[opensaml-2.6.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildResponse(AbstractSAML2ProfileHandler.java:287) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.completeAuthenticationRequest(SSOProfileHandler.java:319) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:173) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:90) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) ~[shibboleth-common-1.4.0.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [jbossweb.jar!/:na]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb.jar!/:na]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) [jbossweb.jar!/:na]
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436) [jbossweb.jar!/:na]
at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384) [jbossweb.jar!/:na]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) [jbossweb.jar!/:na]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]
07:45:17.013 - INFO [Shibboleth-Access:73] - 20131226T124517Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:45:17.070 - INFO [Shibboleth-Access:73] - 20131226T124517Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|

________________________________

This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20131226/5337ef42/attachment-0001.html

More information about the users mailing list