Salt value too short when using NameIDGeneration

Ignacio Amoeiro Bosch ignacio.amoeiro at extern.ibsalut.es
Tue Apr 7 16:09:23 EDT 2020 

Hello,

We are migrating from OpenAthens LA (OALA) to Shibboleth, and we need te generate a NameID and I have tried the PersistentNameIDGenerationConfiguration. The problems comes, when I configure the salt value that was used in OALA, it seems is too short and shibbolth throws an exception when starting.



2020-04-07 19:13:44,499 - WARN [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:551] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SAML2NameIDGenerators': Cannot resolve reference to bean 'shibboleth.SAML2PersistentGenerator' while setting bean property 'sourceList' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SAML2PersistentGenerator' defined in file [/home/shibboleth/shibboleth-idp/system/conf/saml-nameid-system.xml]: Cannot resolve reference to bean '#{'shibboleth.ComputedPersistentIdGenerator'.trim()}' while setting bean property 'persistentIdGenerator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.ComputedPersistentIdGenerator' defined in file [/home/shibboleth/shibboleth-idp/system/conf/saml-nameid-system.xml]: Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Salt must be at least 16 bytes in size
2020-04-07 19:13:44,503 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:182] - Service 'shibboleth.NameIdentifierGenerationService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SAML2NameIDGenerators': Cannot resolve reference to bean 'shibboleth.SAML2PersistentGenerator' while setting bean property 'sourceList' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.SAML2PersistentGenerator' defined in file [/home/shibboleth/shibboleth-idp/system/conf/saml-nameid-system.xml]: Cannot resolve reference to bean '#{'shibboleth.ComputedPersistentIdGenerator'.trim()}' while setting bean property 'persistentIdGenerator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.ComputedPersistentIdGenerator' defined in file [/home/shibboleth/shibboleth-idp/system/conf/saml-nameid-system.xml]: Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Salt must be at least 16 bytes in size        at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:377)


Is posible to configure this restriction?

Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200407/7337afe3/attachment.html>

More information about the users mailing list