"Illegal key size" Error while Decrypting SAML Messages (Doc ID 1527128.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

The customer's IdP sends a SAML assertion encrypted with AES-256. When OIF (acting as SP) decrypts the SAML response, the user receives an HTTP 500 error. The OIF logs report that the key size is illegal. Log snippet below.

Error:
[2013-02-05T10:33:23.918-06:00] [wls_oif1] [TRACE] [] [oracle.security.fed.sec.crypto.enc.DomXmlDecrypter] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 004pFn4gYgpEWN7hVHU^Kc0003Ll003bdJ,0:1] [SRC_CLASS: oracle.security.fed.sec.crypto.enc.DomXmlDecrypter] [APP: OIF#11.1.1.2.0] [SRC_METHOD: decryptElement] [URI: /fed/sp/authnResponse20] oracle.security.xmlsec.enc.XECipherException: Illegal key size

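Added example, not part of the Oracle note: "Illegal key size" is the message javax.crypto raises when a key is longer than the JVM's jurisdiction policy permits, and the OIF XECipherException above wraps the JDK's own cipher initialisation. The stand-alone Java program below reports the AES key length the running JVM allows (Cipher.getMaxAllowedKeyLength) and attempts to initialise AES with 128-, 192- and 256-bit keys, so an administrator can run it with the same JDK that WebLogic/OIF uses and confirm whether 256-bit AES is usable there at all before touching federation configuration. The class name and the all-zero test key are illustrative assumptions; the key is not a secret and the check is independent of encrypt/decrypt mode.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

/** Diagnostic for the JVM's AES key-length ceiling (added example, not Oracle code). */
public class AesKeySizeCheck {

    /**
     * Maximum AES key length in bits permitted by this JVM's jurisdiction policy.
     * Integer.MAX_VALUE means "unlimited".
     */
    public static int maxAllowedAesBits() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    /**
     * Initialise AES/CBC/PKCS5Padding with a key of the given bit length.
     * Returns null if the JVM accepts the key, otherwise the exception message
     * (the policy check throws InvalidKeyException("Illegal key size")).
     * The key is a constructed all-zero test value, not a real secret; the
     * jurisdiction check is performed on key length alone, before any IV is used,
     * so ENCRYPT_MODE exercises the same check an SP hits when decrypting.
     */
    public static String tryInitAes(int keyBits) {
        byte[] key = new byte[keyBits / 8]; // hypothetical all-zero test key
        try {
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return null;
        } catch (InvalidKeyException e) {
            return e.getMessage();
        } catch (GeneralSecurityException e) {
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        int max = maxAllowedAesBits();
        System.out.println("Max AES key bits permitted by this JVM: "
                + (max == Integer.MAX_VALUE ? "unlimited" : Integer.toString(max)));
        for (int bits : new int[] {128, 192, 256}) {
            String err = tryInitAes(bits);
            System.out.println("AES-" + bits + ": " + (err == null ? "OK" : "FAILED (" + err + ")"));
        }
        // An SP receiving assertions encrypted with the XML Encryption algorithm
        // http://www.w3.org/2001/04/xmlenc#aes256-cbc must be able to init AES-256.
        System.exit(tryInitAes(256) == null ? 0 : 1);
    }
}
```

Run it with the exact java binary WebLogic starts with (check JAVA_HOME in the domain's setDomainEnv script) rather than whatever is first on PATH; a 256-bit failure here means the JDK, not OIF, is rejecting the key. As general JDK background and not the content of the Oracle solution: the ceiling comes from the JDK's crypto policy, which defaults to unlimited only from JDK 8u161 and JDK 9 onward, while older JDKs report 128 unless the unlimited-strength policy files have been installed.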
Solution

The solution text is available only after signing in with a My Oracle Support account.