I recently patched one of our 4.1 boxes to 4.1 SP2 and our federated
authentications appear broken. (We are the SP, and an external IDP is
used.)

I can see the following exception in catalina.out just before it
spits out a 300101008:

com.novell.nidp.common.xml.w3c.XMLException: No message with ID "XMLCipher unexpectedly not in DECRYPT_MODE..." found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
    at com.novell.nidp.common.xml.w3c.XMLEncryptable.decrypt(y:2539)
    at com.novell.nidp.common.xml.w3c.XMLEncryptable.doDecrypt(y:3483)
    at com.novell.nidp.saml2.assertion.SAML2EncryptedAssertion.getAssertion(y:1358)
    at com.novell.nidp.saml2.protocol.SAML2AssertionResponse.getFirstAssertion(y:1381)
    at com.novell.nidp.saml2.protocol.SAML2AuthnResponse.getAssertion(y:1668)
    at com.novell.nidp.saml2.authentication.SAML2AuthenticationHandler.verifyResponse(y:2433)
    at com.novell.nidp.authentication.IDPAuthenticationHandler.handleAuthentication(y:1146)
    at com.novell.nidp.saml2.profile.SAML2SSOProfile.processResponse(y:644)
    at com.novell.nidp.saml2.profile.SAML2SSOProfile.processResponse(y:649)
    at com.novell.nidp.saml2.profile.SAML2Profile.handleInBoundMessage(y:1754)
    at com.novell.nidp.saml2.profile.SAML2SSOProfile.processResponse(y:1073)
    at com.novell.nidp.saml2.SAML2Handler.A(y:2765)
    at com.novell.nidp.saml2.SAML2Handler.handleRequest(y:1254)
    at com.novell.nidp.saml2.SAML2MeDescriptor.handleRequest(y:3017)
    at com.novell.nidp.servlets.NIDPServlet.myDoGet(y:1736)
    at com.novell.nidp.servlets.NIDPBaseServlet.doGet(y:821)
    at com.novell.nidp.servlets.NIDPBaseServlet.doPost(y:3510)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:66)
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
    at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
    at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Any help would be appreciated.


--
klew_otn