IdP Error after upgrading to version 2.4.0

Hall, Gerry gerry.hall at emory.edu
Fri Dec 27 07:18:14 EST 2013


Update.  This has been resolved and all appears to be working as expected at this time.  The resolution was to downgrade the following jars as indicated in the shibboleth-identityprovider-2.4.0/lib directory and then run the install script.
-  downgraded bcprov-jdk15-1.46.jar to bcprov-jdk15-1.45.jar
-  downgraded xmlsec-1.5.4.jar to xmlsec-1.4.5.jar
-  downgraded xmltooling-1.4.0.jar to xmltooling-1.3.3.jar

Apparently,  the new jars are not compatible with my architecture:  RHEL5, JBoss_5_1_0_GA and /opt/java/jdk1.6.0_22.    In troubleshooting, I did try the install with the latest jdk, but even then I still got the same error. Did not try with RHEL6 or updated version of JBoss.

From: <Hall>, Gerry <gerry.hall at emory.edu<mailto:gerry.hall at emory.edu>>
Date: Thursday, December 26, 2013 10:37 AM
To: Shib Users <users at shibboleth.net<mailto:users at shibboleth.net>>
Subject: IdP Error after upgrading to version 2.4.0

I am having a problem after upgrading to IdP version 2.4.0 from version 2.3.5 that I hope that someone can offer advice on.

About a month ago, I upgraded my SP's to version  2.5.2.  I tested and all seemed to be fine.  This week I started the upgrade of the IdP's from version 2.3.5 to version 2.4.0. I went thru the steps as documented on the shibboleth wiki, and again all appeared to be fine during the upgrade (no errors).  I then deployed the new 2.4.0 idp.war file.  However, I know get the following error when I try to authenticate using the new 2.4.0 IdP (this is from the idp-process.log).  Rolling back to IdP version 2.3.5, and all works as expected.

This may not be true, but it seems to be a problem related to the cipher.  Has anyone else seem this and if so, can you offer advice on how to resolve?  The IdP is running on RHEL5 (64-bit) and jboss-5.1.0.GA with  java jdk1.6.0_22.

07:44:36.480 - INFO [Shibboleth-Access:73] - 20131226T124436Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:44:55.353 - INFO [Shibboleth-Access:73] - 20131226T124455Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:44:56.013 - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occurred while processing request
java.lang.IllegalArgumentException: unknown parameter type.
at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source) ~[bcprov-jdk15-1.46.jar:1.46.0]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at org.apache.xml.security.encryption.XMLCipher.encryptKey(XMLCipher.java:1354) ~[xmlsec.jar!/:na]
at org.apache.xml.security.encryption.XMLCipher.encryptKey(XMLCipher.java:1297) ~[xmlsec.jar!/:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:346) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:287) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.xml.encryption.Encrypter.encryptKey(Encrypter.java:263) ~[xmltooling-1.4.0.jar:na]
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:358) ~[opensaml-2.6.0.jar:na]
at org.opensaml.saml2.encryption.Encrypter.encrypt(Encrypter.java:258) ~[opensaml-2.6.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildResponse(AbstractSAML2ProfileHandler.java:287) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.completeAuthenticationRequest(SSOProfileHandler.java:319) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:173) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:90) ~[shibboleth-identityprovider-2.4.0.jar:na]
at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) ~[shibboleth-common-1.4.0.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [jbossweb.jar!/:na]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) [jbossweb.jar!/:na]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [jbossweb.jar!/:na]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb.jar!/:na]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(Unknown Source) [jboss-web-service.jar!/:5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=20090723)]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb.jar!/:na]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) [jbossweb.jar!/:na]
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436) [jbossweb.jar!/:na]
at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384) [jbossweb.jar!/:na]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) [jbossweb.jar!/:na]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]
07:45:17.013 - INFO [Shibboleth-Access:73] - 20131226T124517Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|
07:45:17.070 - INFO [Shibboleth-Access:73] - 20131226T124517Z|170.140.202.40|login.emory.edu:4443|/profile/SAML2/Redirect/SSO|

________________________________

This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20131227/01dc5622/attachment.html 


More information about the users mailing list