"Illegal key size" Error while Decrypting SAML Messages
Last updated on MARCH 08, 2017
Applies to: Oracle Identity Federation - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
The client IdP sends an encrypted SAML assertion using AES-256 encryption. When OIF (acting as SP) decrypts the SAML message, the user receives a 500 error. The logs report that the key size is illegal. Log snippet below:
[2013-02-05T10:33:23.918-06:00] [wls_oif1] [TRACE]  [oracle.security.fed.sec.crypto.enc.DomXmlDecrypter] [tid: [ACTIVE].ExecuteThread: '9' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 004pFn4gYgpEWN7hVHU^Kc0003Ll003bdJ,0:1] [SRC_CLASS: oracle.security.fed.sec.crypto.enc.DomXmlDecrypter] [APP: OIF#18.104.22.168.0] [SRC_METHOD: decryptElement] [URI: /fed/sp/authnResponse20] oracle.security.xmlsec.enc.XECipherException: Illegal key size