XMLSecurity exception

Dewberry, James JDewberry at nfp.com
Tue Apr 1 14:37:12 EDT 2014 

Thanks Scott. I didn*t copy the keys over from the older server, and that
was the missing link. Great! Thanks!

Jim

On 3/31/14, 3:42 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:

>On 3/31/14, 2:51 PM, "Dewberry, James" <JDewberry at nfp.com> wrote:
>>
>>But that did not fix the problem. We are now getting this error:
>>2014-03-31 13:28:18 WARN XMLTooling.Decrypter [33]: XMLSecurity exception
>>while decrypting key: OpenSSL:RSA privateKeyDecrypt - Error Decrypting
>>PKCS1_5 padded RSA encrypt
>
>As long as it's not mentioning the algorithm being blacklisted anymore, I
>would assume your change took effect, so that means they're encrypting
>with the wrong key.
>
>>I易m 99% sure their assertions have not changed. Only the SP version has
>>changed.
>
>Well, I can't prove you wrong, all I can say is that the error means your
>key changed or they had the wrong to start with, presumably the latter.
>
>If you built a new server with a new SP, that's going to generate a new
>key, and you obviously need to copy over the old keypair or this is
>exactly what you'd get.
>
>>1. What does that error message mean?
>>2. Is there anything I can do to configure Shibboleth here?
>
>Not that I know of
>
>If you want to create a dummy key for them to encrypt with and provide a
>sample that won't decrypt and provide the private key in a bug report, it
>can certainly be looked at.
>
>>3. We might need to revert back to 2.4.3 temporarily. I saw where I can
>>get the Shibboleth archive, but it doesn易t have the archived
>>dependencies. We moved to a new server, but the old server has been
>>preserved. Is there a folder on the old server that would
>> have correct dependency versions that we could copy?
>
>I don't know which dependencies you mean, but everything has been archived
>that I'm aware of, including RPM packages and the Windows installers. The
>Mac port might be a problem I guess.
>
>-- Scott
>
>
>--
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net


**********************************************************************
This e-mail may contain information that is privileged, confidential or protected under state or federal law. If you are not an intended recipient of this email, please delete it, notify the sender immediately, and do not copy, use or disseminate any information in the e-mail. Pursuant to IRS Circular 230, any tax advice in this email may not be used to avoid any penalties imposed under U.S. tax laws. E-mail sent to or from this e-mail address may be monitored, reviewed and archived.

More information about the users mailing list