Can't get SP3 to accept rsa1.5

Per-Ake Dahl Ejemark perake.dahlejemark at
Fri Sep 21 03:55:17 EDT 2018

This seems to be a recurring problem. I need to whitelist rsa1.5 and I have followed the instructions that I've found, and nothing works.
Yes, I know that it is a weak algorithm but the IDP has decided to use this and I have no means whatsoever to make him change this so let's leave the discussions of whether to use rsa1.5 or not please.

The shibd.log says this.
2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI disallowed by whitelist/blacklist policy
2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: unable to decrypt key, generating random key for defensive purposes
2018-09-21 09:42:32 ERROR Shibboleth.SSO.SAML2 [16] [default]: failed to decrypt assertion: XMLSecurity exception while decrypting: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block

I have tried the following.
<AlgorithmBlacklist includeDefaultBlacklist="false"/> This doesn't work

Tried to whitelist it
<AlgorithmWhitelist></AlgorithmWhitelist> This doesn't work

I have searched the documentation for a solution but found nothing. I have searched the net a found no solution.

Am I missing something obvious here?

The project I'm currently working on really depends on this.

Best regards/ Med Vänliga Hälsningar
Per-Åke Dahl Ejemark
System Developer


Holmedal Data AB
Flintvägen 4 | 269 41 Östra Karup | Sweden
Tel: +46 (0)431- 686 55
E-mail: perake.dahlejemark at<mailto:perake.dahlejemark at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1899 bytes
Desc: image001.jpg
URL: <>

More information about the users mailing list