问题
I have only one JDK installed in my machine and the code is pointing to the same JDK. I have installed unlimited strength cryptography library in both the folders(C:\Program Files\Java\jdk1.6.0_25\jre\lib\security and C:\Program Files\Java\jre6\lib\security).
I keep getting the same exception even after adding the above mentioned unlimited strength library. This is in continuation to other ticket link
Exception:
Caused by: java.security.InvalidKeyException: Key is too long for unwrapping
at com.sun.crypto.provider.RSACipher.engineUnwrap(DashoA13*..)
at javax.crypto.Cipher.unwrap(DashoA13*..)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 46 more
41 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedKey, valid decryption key could not be resolved
42 [http-8080-1] ERROR org.opensaml.xml.encryption.Decrypter - Failed to decrypt EncryptedData using either EncryptedData KeyInfoCredentialResolver or EncryptedKeyResolver + EncryptedKey KeyInfoCredentialResolver
42 [http-8080-1] ERROR org.opensaml.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content
SAML Encrypted assertion
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_b789fe1577b7a52846f0de3a53504b54" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_a55df022fc577a2523dea6dde1bb2d78" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE= </ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>CPKpuy59EbLdJxoWtOEXlVG7nJkn2B4wk7seQ0VVK4+DbMZWqW9F+GLPtqQPMbVS99nPON9YCiNbpLpUlqE8JvZOQ2tyf5H5d7+kAF/QqaTPJjYC9SzI6dbLkB6O+EJZY6981iUkJtuUvs+B0649BwnKf9ByNoHePEKZeN6Ws9YNB15xrc5aTGqLVzW/bUTgOGPpZDPyeHYoqWRhDg6/2uYfvglMnN5t/mlGzLxsGJbF8WMdfIf2tYbGoDUfs5SgXtsvZPEm81WEenPJz/iE4PR0ih//in/h9+RmpfEfLw3A==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>5MRv+ee2XjfYNJeLOiuBi+quq9Vz7fE60JRzvXODQ9w4Y/czcWM/vYVoyX8/+n/27UIw4IyP0+en7H8ylOpJwNJC62Ur4GM3pAWde6Q9t4ZrjCu0yN3oX9v+0TVCJ8NKBGoyoIIbW5WljQob2NArvJc6z53gKzNYwYdYwMz7pcdJ0d0qpb11cphpNzWOONmmV6OZxnUOrGVceY+KvIOqHWmkvhPLW0d5J2C2nua/EWIq7+MWCAIHBnCGacTF+gaz6zO10lSHpFIm6dXfhIivSf9ZYye+I3dDOIMDeFN2UtXCRpG1OjGc4QqZ3HiDQ1ownjNE6L6HRQYgyarLc4Jrb3ftXzPl6Q47/T4QYgeM+tuk7nTJV5sCDji4WzZ7fG5syAXOCI49GdAhlTpanqBE3pzl8eRaLQEfrgMtQngvJDk03DcgGYjtdsflZZpHVqo++uHmOjjB/vC7hBwpOZEARA8m0o+EmHVU2QRUjWEFMmu1flKr+tl1+AMcnAR8prNGjEYttwBJ06G/1Ad25xqE8N0NMFabJGgOn/MP3T0+ZvzuzFXR+m3peKvlwdlsRTBBQeUpmEFcBN6Ls1UlP576VN1XYWPYblZ3qjqO2Qkfrxx79TaN69X8gkcJ/WJ3Wzj3UTToSgd7oXF2kOMdKwg66aijs5ToqZQOJCCazS9YyZrIV8/TvVQSd5S01H660BsZMvJvKUM0GNWqD7QHjDrU0GLAYKQDE+QouMJkf1E1STXq8rkgD9A8o9bNaWZoM2TQnJ7AmOXw1Nms9+Old3HRhnXurC2+MgiRFy70iA50F/OtiWE08aQYGiHeGDyVEXGvrroVWmPYBKvEjycVGkVADe0ICVD41wZEw7F/FmaBkx/wHKYXu9DoN3SFdMSo7fouFBZMCqMNY2Sodo70ALad/uC72AVx20urKXIoXpPlzzXYtWYm9nG7pLHWnrPMxbDZPcJPLGBzOeqmqcbPU/MQ765soVHQ6TR3sZe5Go5Smaauump4PAP1bLeewh1RKKDN5jKjD01R9Wzl34ithvgToi5pUpSNBTsbFpdN4fsg1c78yxXC3qr051/VngWK4SdxqDjdvAMWMSNvIOOsKBYqHN0sabQD/zD0XclH2MarDe3udBULr+eCrU5qkGXClg+e7fvpAYV6yUXCnrn5Uq1WrpUMWffyzWwJnlgiWtIlCy8wV/YDXFQ0QR3hET02H4JiHRKABrHTx9/MTQJPqHdv7eNxmTQj8bEjZcTygMxec5RQLr06/ontMtktgZCjQopBs5Sg10N0Rc0foMxo42X2ceCdkxHGMTndMEEBsJEfTLSLX86InW2S+omXZkiUrmdQsgUzF04waiuYyYPufkgaFdH1n7lTGjpH6nZsbKYILQJemEdfSFqHoCIZqtVrLdiTP+b1doZjKGZ/Dha7syL3ctvrj1ingjpjYYXEfEQIod6+fr7DP/fN5GF/qYWoYDXW+tBDMatcEBy7v52f8vcKrnl6j3qqD9MoejOarS/LABdqVq7r0X8R3ApbDrK/UQFijAEgZi467CMk4pLjpsVTljehGEcyo55cRpyz6G7Nak1c35pNK4vFtC3QeIgjWs4JwCRWo8QFIBUqe5yiNlRhnh7uZ9fx9UNSeJ4zle0Ixtby/Az2TUJoBsbIN+Gj9eeQIhAIR7st6fLboRptE6zX/ZDWzii2z99rWLts5F0aatQsbToD7QQgDGKJIybt5bAKQh8cWQ2DaCDPKhxHCYlHn4p5xPHjU0MaXhpwcbWZlPJJed2ZrFY0klUoYSdse3vw0BmFv0xm3Z4IfGQ3M5ZbKpUEbGKugqgD9PSviQdRtj9tIQVylA+MVOimxnTcmr2j5k8RfEA1hN7I5oo5M/kmXttebED36mzpHaW7opGY7fgjLMdR3aebMX5eBI2TmtvAYbFM3ZLjHgFEtikl8ETzRwWZQAq/1wpYHyIJSf1KAZXnauo72allx+QhoYOSZ1W1dt2Y9ldr5DC9o+8BPrxWMUOtP1EE4J0d3lZ6Dxj0a1ae8NNpSOy1ARu78GE2uU0RKmUYo45VsxEJN91gNe53zVrlpjNPx2vlGDJi5YtFk3I/wXNHpz/rxml9mMjcy7gEC+KLX36LO0BuL1+lM1S2nWCEl1XYUQHKGX5pnBuFr5F9thZRmXFKcQbdA1o5tX1Pn6R4ffI27uxQSS5VHCcLl02EMDpafReouXDK6lk8k0GlUJHJPEqku0x3v1ijIuQpWb2tZ/LFgTD36WRhjK+Q1kxs0JyrpHSX+SRwEVbMZ6EDur6ijQBimvTMHkZo1jzfyfPqBJW41R5QomWxk5RPyfnY5Ew4+qgVRIb4bx+Oe9T9Z9DmlqEoBn/jb9GNDY3RnLxKpHD9k/0XEV71kzXye8LumiBFKsH7PIBBeNmt3QmvBPkTIf52s7giivaE77jw/I/lVdvay8BewHYALZnxtda+VcoVKVML+NAosdhLSFjbQY8I6vFK8YzcYRRw+fejPBOoSgE2OXnGQyD8VfHTSPUVKLqG91Ekn77D1rG5TUfHGY2RKAEqsxHeFIt4akXf1nSmItaRcMLGZbTN+PMVA7IlHCekgAoRhlCcemgFEQEc5zP5+mWuunLQM9qbw3U5aHiyuigdUqpZqYe/9Se6MIN1VHcR2Wrayz8Ut1j4sZKVYTgNpvfYaU63+HXYqSzKDLiBKm0dCmDTUwrUY3IGhX27jDUZj9BaNV3vCNZqXawDZky7ZAugRM5Be6lSOBaCDf2cgJPcL1E30FoCqER8Oi22ScXSFurzWf3rwC5V9nC++B163qQTZqKb5eurGYxPuo6CFps481DdxNfhpYAkHC4akoXpnJevuIXNF95EiZBIzzQ4KGZTgdVH97UrBNA9gmcJBu8jGSXl5bFRYPqIx9bpC8bHtMrU586TTl8sQbP95X76ZKcKb9YRaKsr3MMkxD4L45KJ+vqsYnLYBOUMj2dbp8c//rsSHP2WfWC+s/K58hLab7TqH/LE8vaJeg3PC8CMPbv1r2onUlWfG8fs7a5FRX67I5vbXrKn2ZYjGFrLLx8wWPhs1mQPqDzHn+CnOYqApW0ZhSFyAi7yEkyt+7AKS+0L0W2mYiEqq+iLuw6Vp3JuQ23Gx+jCbtBUq+VY7z7uGIrl+hmfYPRBj2HcTud0kfScOT6I4rmHxBvoCc5vHm+5cOzgzR6fpbN+PZzT3G2D35dSzAeDlrLaxSXiTDUAivR7i6ufxv7ma+IitCVxImbqSW0zI/RJrA6VcvOWG9CNq2jV65/mc4qmGcreihUeqHgpa9wcVrsGndA0C5EIS7F5LxOjZyrOCmyXG8MukF1KavD+y4RUKu8HMbPP1DO/10ZRmXARJKTdfG3npjnpy4QZc72tsfoY1XBZkceclVuNpQJrWfX3WPg5x9iEUSoRVg+hgGuQ2UQYeOVOvXgyMysz34du6HdDCl9n4gL3h57fkakZ1lIIVvrl6ZVGkfZEjp8vy2RY6cSNOIPUasDPoMuzsLG5yuw6yAPd7Xs3X15ezpncAk3fMphTFZ0WeL7sW66QVjvSMZa94DoeiqLjzFbr9upglWVOv8DA2hfkbpaLGVF8foAcLtvDsWFjpy5FoJrvZYEHOSLcY4KLU0YC7UFP/DkyxM9aBSa8A3NgONUvEm2jP02YhsCv1V1o/WJvQyJ9KZQUO+BrEA6h4MHZ+kWed8RoJ7NNIwIXQIYKtXC3c2UjpKBpWkRKhSukxOYfRvNonhV/LPT8xQuzBuoiybLCy5vfX/d8U24/it8vPZmnyoITWs5ask+K1ahOgChe2WFs0xuPmEXIAuu3FOsfEsFO8rqPe2pfUMCzU3ysN8lbznPWbN97RUOr8zXs4bmNbUB1nHiA0toP9VO/4h+XrZOF48c5mSYJ7+dATrHVOn3kOgD4cE7Z9qkJ86NzT5gLrpdjSTrHcJuOTwO/o7n9VLtohHMndAxlHuRHtF5g+pOXV2sMczfnPEpJydl1ehGWBoXXsccpeva6vRMiJH/vjECaY6Dou4UvF7yP7zc8X1k+F78LDfHkSnx6BBbdYmA47VhKDget+6xq3wcrWipnzZ5zQgbPD4FLU6ZWPotuQGIUE03SQ8LYmzvqXLPV48HGQKzjL3uJ6cpfYkw51VF4tQ9jDetTuYiwgQt8Qd3xycL8WmylgDR8fld9UQehfUZYx8hyVLLykBrsu0Z/c6il5QIqVORNk98bJiAvNGnQm8eL1yOBPtwa3mCHbiJ01HuhhSbc+pcWhSgJ1REwbWqerUGFuv4x/V4dJOLldXdCzFKjDIQO2Cc57le5WFjljeh8zPV40RIR4Y0JKPtTW70n3DRVH0JcxEk6cpjy/oF+oE1DaZYUODbwpXmQX4h80RkNrVumixEdaEerRrQ9Go80lNU/kXQ8oV86w86Xu0Ov9lLLuSwVVoB5nS3Py4cCGHfUTtLcZL/uNt9VGEIoM3UVOF7rdMZEbHpXh7HlQ2LFztZ1Z15xNQjIV/adpquS6HSduCXVo8VlRQIa3lXDB2w7/+tkCyBHrwFn2ZTLzxFLv9jTwJjg9sXWxs6zLg52zU9cYiRvPE/yCawOeE6wbihRPgjw7cnbmtZ/R95i13DRcxxWLWgpw4Y0xqNlHP830p/w/GivsPJ5QQ8nULbfKRjTBu8i6wFRuy/pfpZ3wkCUOk5iFtHqBZV/AaRZXIpw0MYbvmtbZwcIet6TOE/7xFnycwhh06sxMtpvAaEKghamCdLsiPnXnSJGGqAW1qd6u54TTrIdQdVzQ6TRLIfTOVcEe051971V41xZQQg8ROMhZCOn3di/FDHeYcTExzEAi04pQ9BmE6wGQHUkExDpxp4gveQLRKMTW3CQdE7kwFB6qAU2XOy+2n4CkHj8K8zVtnMWUHRuXYNGR9whN8lEyQgEAY0evcD0xlSjeEA7KcexkDWyYtWWRbYsPEQHmOj97926scdd+6HP3voPJeS6XAwnPbhNO9N3L77kLPmwo05W2dyfg9zdL1INblETfksDuCQ/P2RWU1BaLH9h18oi23g8n05K4XPdycle2UQcYf156AKBVVkhG++4TTD/xWqoHzffb8XtARGC7cdZphiSE58d/UfkrAqek7+Sd6Dqgu2JXlxR159xlULb92KLnKHMIPGJG9mYIzlk/H4BRSj/hAoIxPDMXfcM8r96iC/AKKaQmGx+FZ4HDj9O0xiBNlOBIorPrGhL+6WwSZW4LCQ3GOvxYOwYPd4gecThadR5+h7EF99O75X+HHyTLdzUveHOe5F9vKW9TYFRMtwA4lj7WTKFpEJf7FOeV3zG+U4juingOHxqK1RgqGDMnHaHLgKzm17iauw2deA1GL/bLiB5PR1BzPMJtgoOdBYHhv0fBioxrskwF6r6E+9rQ1jC35YIKNfPUehM6IVgobSqMFC47Q9+0j7NXlt6XYQ9Ys9gWr9g9G23WLzCKO97mTGmGXP2IOtfTfQx9NYGuYj1vtlcC+PY3KF9WVhxq1mtdx2e60obnzF5jqMx1GnZFyTM79AbJwpGCfMBbOkWopr3YynLdTBpm72kmg6biXWbb5KFckSSGKWqkHWn4LgwCoWjXr8TwcoMhLNpNlirXWZYyxFwR/n0MvT7Du44Rak+eNw+f7uATRInHoOp9gMukfzYoiMPcEeadlq+3cEYg/EGmiIbASEx/A3guJPI1Zh9mlXeDXr1W5UqyIAsMjwGoktd5LKJK56RNFCZeyOLurvd5/lHofxsM+7sxhkgBjng6+221BxsXDsjNe7b7xymRqGZmxnIBYl2DqDJx+gA+y51kfJvoz6z22hcfPEL6V7LOPu3V0JC04TbdnV71YVAbnmU2qWY8+YFoBYUX18R2qC8GESzXL01/CDM6owVFxJ6nKObZ/dwt93s2EYoMMquW2nc1cfqd6t1LvOzoPAo2FftTerCZmYOx4nAf6mEDsbarURsspmmGiN9WToPR5ee9YVOhpO7YZP7Wj11ZbfiFrsCEUPLqlS0FHz8oDgRGp8KEnFd6+H+saeMWSSZ8yJ/Klwaz1ATrIVAd2Bb0Hd3vq4ExaJ+RCfB+BfIJr+OwGJPOB5nNmcv/WQkZWKPnWOeMBoBvg8NMpsUDiglTCNy/kHKe7Ln9hHVdjH/ID0E4K7bDh5KG2GJcNP1P4Vb33Ed8db9vGy1lDRKZvtkABxjEsia2mpLAWcg4fMkS41QBzGffFf9qtljLUKoGa1EKJCl8+BclJp6JAe97dTNNg9LXfHsxQFSM7z9TsBD7Vmrjwv0QbQaEd/TdWntavFEeC1y7PLuJYg2fsYOkpRXXUW/YV9EDKgE5nQtRXywTEcyrKLQGlhecaGnRlUkKG0g7ORCb/vABeJRItazaXi2LVacRKMrzDHPWzElmok+dkPg6gDg8KTMOQiWZhLAXdMbc1M2iBjBl5uKsHBDFX86orZlRELSaXEbGKBUi2k8lnBW3WpLKdgY2+TUpDd+OxUK7v1zhOYw1zZtDdIgje84vJ2wQGHpNu7UNE2KcLKi7uG/0TKS9lkkGr9W1DHqvZ9irQmJ403ld+r5lrnSUbq6Yv+xYdi/aLsm+lagyt4XW6vaez7bGSaK3ESPBgmK47OiEUPHQbRlILCydalaWoZyU2fzI87ZAJ36fpRPWtBwe2tqJ4AE+koz3PBulsGlU7KUsR2ndGuzPc0gK1DSL5n+BW0Fs=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
Can anyone look into this issue which I am facing and provide a solution?
回答1:
You are most likely trying to decrypt the encrypted content with wrong key. In other words, IDP is likely encrypting data with a public key which does not correspond to the private key in your SP. You can find details on these concepts in public key cryptography wikipedia article.
Once you generate private key + public key + certificate for your Service Provider instance (= Spring SAML installation), you must provide the generated public key to your IDP. This is typically done by creating metadata document describing your SP (which is by default auto-generated, download it from scheme://host:port/appcontext/saml/metadata, e.g. http://localhost:8080/spring_saml/saml/metadata) and providing it to the IDP. The metadata document contains the X509 certificate with public key for your SP and is used by IDP to encrypt data sent to your SP.
回答2:
@vschafer Can you please verify and let me know if the following steps followed are correct??
- I have created a JKS file with the following public keys and private keys
a. Public key of IDP 509 certificate using the crt file shared by IDP to validate their metadata XML
keytool -importcert -alias adfssigningIDP -keystore samlKeystore.jks -file IDP-metadata-signer-2012.crt (samplePrivateKeyPass is given as keystore password)
b. Public key of SP 509 certificate which is registered by us with the IDP
keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file SP-Metadata.crt
c. private key of SP with RSA as signing algorithm
keytool -genkeypair -alias privatekeyalias -keypass samplePrivateKeyPass -keystore C:\Users\user\Desktop\samlKeystore.jks -keyalg RSA -sigalg SHA1WithRSA
(SP-Metadata.crt is retrieved from IDP website where the service provider is registered.)
IMPORTED CREATED JKS FILE USING KEY MANAGER CONFIGURATION
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
<constructor-arg value="classpath:security/samlKeystore.jks"/>
<constructor-arg type="java.lang.String" value="samplePrivateKeyPass"/>
<constructor-arg>
<map>
<entry key="privatekeyalias" value="samplePrivateKeyPass"/>
</map>
</constructor-arg>
<constructor-arg type="java.lang.String" value="privatekeyalias"/>
</bean>
SP METADATA CONFIGURATION
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true"/>
<property name="securityProfile" value="metaiop"/>
<property name="sslSecurityProfile" value="pkix"/>
<property name="sslHostnameVerification" value="default"/>
<property name="signMetadata" value="true"/>
<property name="signingKey" value="privatekeyalias"/>
<property name="encryptionKey" value="privatekeyalias"/>
<property name="requireArtifactResolveSigned" value="false"/>
<property name="requireLogoutRequestSigned" value="false"/>
<property name="requireLogoutResponseSigned" value="false"/>
<property name="idpDiscoveryEnabled" value="true"/>
<property name="idpDiscoveryURL" value="http://localhost:8080/app/saml/discovery"/>
<property name="idpDiscoveryResponseURL" value="http://localhost:8080/app/saml/login?disco=true"/>
</bean>
Apart from the above mentioned steps, I have even installed unlimited strength cryptography for JRE7 as well.
Inspite, I keep getting the following exception
org.apache.xml.security.encryption.XMLEncryptionException: Unwrapping failed
Original Exception was java.security.InvalidKeyException: Unwrapping failed
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1479)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:697)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:628)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:783)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:524)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:442)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:403)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:199)
at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:84)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.mobile.device.DeviceResolverRequestFilter.doFilterInternal(DeviceResolverRequestFilter.java:60)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Unwrapping failed
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:431)
at javax.crypto.Cipher.unwrap(Cipher.java:2466)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 46 more
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadOAEP(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:427)
来源:https://stackoverflow.com/questions/26237273/spring-saml-key-is-too-long-for-unwrapping-invalidkeyexception