IdP3 - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters

Mathew, Sunil smathew at hbs.edu
Sat Aug 6 07:46:41 UTC 2022


Hi,

I am getting the following error when SP is trying to reach IdP before the login screen:

2022-06-29 05:15:38,124 - WARN [org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver:221] - Validation failure: Failed to resolve both a data and a key encryption credential
2022-06-29 05:15:38,125 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:330] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2022-06-29 05:15:38,125 - WARN [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:343] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2022-06-29 05:15:38,128 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:184] - Error event InvalidSecurityConfiguration will be handled with response

Here is the SAML request:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_98a448573be60ae73a3cc5ca7017fa4416c9e103dd"
                    Version="2.0"
                    IssueInstant="2022-08-06T07:40:11Z"
                    Destination="https://sso.hbsstg.org/idp/profile/SAML2/Redirect/SSO"
                    AssertionConsumerServiceURL="https://sso.kaltura.com/s/module.php/saml/sp/saml2-acs.php/1892511_kmc"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    >
    <saml:Issuer>https://sso.kaltura.com/s/module.php/saml/sp/metadata.php/1892511_kmc</saml:Issuer>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        AllowCreate="true"
                        />
</samlp:AuthnRequest>


Here is the SAML response:

<saml2p:Response

       xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"

       Destination="https://sso.kaltura.com/s/module.php/saml/sp/saml2-acs.php/1892511_kmc<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsso.kaltura.com%2Fs%2Fmodule.php%2Fsaml%2Fsp%2Fsaml2-acs.php%2F1892511_kmc&data=05%7C01%7Csmathew%40hbs.edu%7C04951d39f9ca4fe1fd4408da762d66c1%7C09fd564ebf4243218f2db8e482f8635c%7C0%7C0%7C637952234617969099%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SMHlGXe5erv3xzz1mGerX%2BSjAENRYZn0v2s2wAPcES8%3D&reserved=0>"

       ID="_48dea80281a6ef656cb46f21e43af33d"

       InResponseTo="_9470e28be2aee1e294581042b83bb7d79d27d4730b"

       IssueInstant="2022-06-27T18:04:53.676Z" Version="2.0">

       <saml2:Issuer

              xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sso.hbsstg.org/idp/shibboleth</saml2:Issuer<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsso.hbsstg.org%2Fidp%2Fshibboleth%253c%2Fsaml2%3AIssuer&data=05%7C01%7Csmathew%40hbs.edu%7C04951d39f9ca4fe1fd4408da762d66c1%7C09fd564ebf4243218f2db8e482f8635c%7C0%7C0%7C637952234618125311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4nTZqlnuyUgDuIVKwV8feouEiqvveYMJbk%2BaWOUm7MU%3D&reserved=0>>

       <saml2p:Status>

              <saml2p:StatusCode

                     Value="urn:oasis:names:tc:SAML:2.0:status:Responder"></saml2p:StatusCode>

              <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>

       </saml2p:Status>

</saml2p:Response>

Here is the vendor metadata:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sso.kaltura.com/s/module.php/saml/sp/metadata.php/1892511_kmc">

  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">

    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml2-logout.php/1892511_kmc"/>

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml2-acs.php/1892511_kmc" index="0"/>

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml1-acs.php/1892511_kmc" index="1"/>

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml2-acs.php/1892511_kmc" index="2"/>

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml1-acs.php/1892511_kmc/artifact" index="3"/>

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="https://sso.kaltura.com/s/module.php/saml/sp/saml2-acs.php/1892511_kmc" index="4"/>

  </md:SPSSODescriptor>

  <md:ContactPerson contactType="technical">

    <md:GivenName>Administrator</md:GivenName>

    <md:EmailAddress>rnd.application.dev at kaltura.com</md:EmailAddress>

  </md:ContactPerson>

</md:EntityDescriptor>


The vendor is only signing (not encrypting) the request. Can anyone please let me know what could be the issue?


Regards,
Sunil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220806/4ecd4fc9/attachment.htm>


More information about the users mailing list