Error creating SP metadata when adding X509 certificate for encryption

Tom Scavo trscavo at
Mon Feb 26 18:45:16 EST 2018

On Mon, Feb 26, 2018 at 6:33 PM, Lipscomb, Gary <glipscomb at> wrote:
> 2018-02-27 10:10:38,718 - ERROR [org.springframework.webflow.execution.ActionExecutionException:76] -
> org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters at a1be63e in state 'OutboundContextsAndSecurityParameters' of flow 'SAML2/Unsolicited/SSO' -- action execution attributes were 'map[[empty]]'
>         at org.springframework.webflow.execution.ActionExecutor.execute(
> Caused by: org.cryptacular.StreamException: IO error
>         at org.cryptacular.util.CertUtil.readCertificate(
> Caused by: Short read of DER length
>         at

The certificate is faulty. I copy-and-pasted the certificate into a
file and ran openssl:

$ openssl x509 -text -noout -in junk.pem
unable to load certificate

Perhaps you should let them update their metadata with an appropriate


More information about the users mailing list