My Oracle Support Banner

" XML decryption operation failed" Error while Decrypting SAML Messages (Doc ID 1550626.1)

Last updated on MAY 30, 2018

Applies to:

Oracle Identity Federation - Version 11.1.2.0 and later
Information in this document applies to any platform.

Symptoms

OIF SP ( OAM 11.1.1.2 ) is not able to decrypt the SAML message from IDP. Following is the exception


<Apr 30, 2013 2:18:59 PM EDT> <Error> <oracle.security.fed.security.SecurityServicesImpl> <FEDSTS-18075> <Decryption operation failed for message sent by provider ID <IDP_INFO> >
<Apr 30, 2013 2:18:59 PM EDT> <Error> <oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator> <FEDSTS-18075> <Decryption operation failed for message sent by provider ID <IDP_INFO>>
<Apr 30, 2013 2:18:59 PM EDT> <Error> <oracle.security.fed.controller.library.api.FedEngineInstance> <FEDSTS-12080> <RequestHandlerException: {0}
oracle.security.fed.frontend.fed.translator.MsgTranslationException: XML decryption operation failed.
at oracle.security.fed.frontend.fed.translator.saml.SAMLProtocolMessageTranslator.translateMessage(SAMLProtocolMessageTranslator.java:162)
at oracle.security.fed.frontend.fed.requesthandler.profiles.sp.AuthnResponseV20RequestHandler.generateEvent(AuthnResponseV20RequestHandler.java:75)
at oracle.security.fed.controller.frontend.action.RequestHandlerSupport.perform(RequestHandlerSupport.java:14)
at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:260)
at oracle.security.fed.controller.library.api.FedEngineInstance.processCall(FedEngineInstance.java:164)
at oracle.security.fed.controller.library.api.FedEngineSPInstance.validateAndMapAssertion(FedEngineSPInstance.java:153)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.invokeValidateAndMapAssertion(FedUserAuthenticationPlugin.java:284)
at oracle.security.am.engine.authn.internal.plugin.FedUserAuthenticationPlugin.process(FedUserAuthenticationPlugin.java:162)
at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:197)
at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:103)
at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:267)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:816)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:313)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:589)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:780)
at oracle.security.am.controller.MasterController.process(MasterController.java:701)
at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:177)
at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:136)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:134)
at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

 

Changes

The SAML assertion AES-256 encryption. 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.