Unable to do sso or federation

This topic has 3 replies, 2 voices, and was last updated 3 years, 3 months ago by Peter Major.


    Below is the error. The keystore has a private key entry for the cert and the correct alias in the server defaults. Any thoughts on what the disconnect is?

    ERROR: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    libSAML2:05/09/2019 05:45:30:333 PM UTC: Thread[https-jsse-nio-8443-exec-9,5,main]: TransactionId[608a518f-58ce-4c58-9bc1-1342e4603a0d-129]
    ERROR: FMSigProvider.sign: The private key was null.
    libSAML2:05/09/2019 05:45:30:333 PM UTC: Thread[https-jsse-nio-8443-exec-9,5,main]: TransactionId[608a518f-58ce-4c58-9bc1-1342e4603a0d-129]
    ERROR: UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: Unable to do sso or federation.
    com.sun.identity.saml2.common.SAML2Exception: The private key was null.
    at com.sun.identity.saml2.xmlsig.FMSigProvider.sign(FMSigProvider.java:142)
    at com.sun.identity.saml2.assertion.impl.AssertionImpl.sign(AssertionImpl.java:691)
    at com.sun.identity.saml2.profile.IDPSSOUtil.signAssertion(IDPSSOUtil.java:2500)
    at com.sun.identity.saml2.profile.IDPSSOUtil.signAndEncryptResponseComponents(IDPSSOUtil.java:2576)
    at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponse(IDPSSOUtil.java:730)
    at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:524)
    at org.forgerock.openam.saml2.UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache(UtilProxySAMLAuthenticatorLookup.java:161)
    at com.sun.identity.saml2.profile.IDPSSOFederate.process(IDPSSOFederate.java:242)
    at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:144)
    at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:104)
    at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederate_jsp.java:195)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)

     Peter Major

    The keystore password may be wrong, or the private key’s password is incorrect.


    Validated that the keystore password is correct. The private key we are using is based on our company signed cert, which looks good. I am wondering if any certs that come with the keystore are referenced somewhere.


    Any thoughts on this?

     Peter Major

    Is the private key entry password protected? Is it the correct password?
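
The replies point at two separate secrets: the keystore password and the password on the private key entry itself. The Java program below checks them one at a time against a keystore file; it is an added example, not part of the original thread and not ForgeRock code, and the environment variable names `STORE_PASS` and `KEY_PASS` are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added diagnostic (not ForgeRock code).
// Run: java CheckKeyEntry <keystore-file> <JKS|JCEKS|PKCS12> <alias>
// STORE_PASS and KEY_PASS are hypothetical environment variable names,
// used so the passwords do not appear on the command line.
public class CheckKeyEntry {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CheckKeyEntry <file> <type> <alias>");
            System.exit(2);
        }
        char[] storePass = requireEnv("STORE_PASS");
        char[] keyPass = requireEnv("KEY_PASS");

        // Step 1: open the keystore with the store password.
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        } catch (IOException e) {
            // A wrong store password surfaces as IOException caused by
            // UnrecoverableKeyException; anything else is I/O or format.
            boolean badPass = e.getCause() instanceof UnrecoverableKeyException;
            fail(badPass ? "store password rejected" : "cannot read keystore: " + e.getMessage());
        }
        // Step 2: the alias must exist and hold a key, not only a certificate.
        if (!ks.containsAlias(args[2])) fail("alias not found: " + args[2]);
        if (!ks.isKeyEntry(args[2])) fail("alias is a certificate-only entry");

        // Step 3: the key entry has its own password, which may differ.
        try {
            Key key = ks.getKey(args[2], keyPass);
            System.out.println("OK: recovered " + key.getAlgorithm() + " key for " + args[2]);
        } catch (UnrecoverableKeyException e) {
            fail("key password rejected for alias: " + e.getMessage());
        }
    }
    private static char[] requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null) fail(name + " is not set");
        return v.toCharArray();
    }
    private static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }
}
```

A pass at step 1 followed by a failure at step 3 means the store password is right and the key entry password is the mismatch.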
