Issue in Decrypting Custom Token (SEAToken) from OAM

(Doc ID 2292731.1)

Last updated on NOVEMBER 06, 2017

Applies to:

Oracle Mobile and Social - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Symptoms

On: 11.1.2.0.0 version, Client Enablement: SDKs/Portal

The customer has enabled the OAM Mobile & Social service to let external users register client-branded applications using Facebook and Google. They use the Mobile & Social SDK (RPClient APIs) to decrypt the SEAToken generated by OAM, and have built a common service on top of the SDK that decrypts the token, extracts the user profile attributes, and sends them to the end web applications. That is, once a user is authenticated with Facebook or Google, OAM generates a SEAToken and sends it to this service, which decrypts it and passes the user profile attributes on to the web apps.


While implementing this, they found that decryption through the RPClient API fails with the error below:


ERROR
-----------------------
ERROR 15/May/2017:13:01:07.756 [3b9a:f31919596100c207fd7a78c4] Error Stack Trace == javax.crypto.BadPaddingException: Invalid PKCS#5 padding length: 132
  at iaik.security.cipher.v.b(Unknown Source)
  at iaik.security.cipher.z.b(Unknown Source)
  at iaik.security.cipher.z.engineDoFinal(Unknown Source)
  at javax.crypto.Cipher.doFinal(Cipher.java:2165)
  at oracle.security.idaas.common.sae.AESEncryptor.decrypt(AESEncryptor.java:144)
  at oracle.security.idaas.common.sae.DataEncryptor.decryptWithSymmetricKey(DataEncryptor.java:216)
  at com.suncorp.oam.social.HandleRegistration.baeTokenAttributes(HandleRegistration.java:55)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invok


STEPS: Enable the OAM Mobile & Social service to allow external users to register customer-branded applications using Facebook and Google, where the Mobile & Social SDK (RPClient APIs) is used to decrypt the SEAToken generated by OAM. The customer has built a common service on top of the SDK that decrypts the token, extracts the user profile attributes, and sends them to the end web apps. That is, once a user is authenticated with Facebook or Google, OAM generates a SEAToken and sends it to this service, which decrypts it and forwards the user profile attributes to the web apps. In this setup, multiple web apps protected by OAM consume these services.

ISSUE: Decryption through the RPClient API fails with the error shown above when one of the identity providers configured in OAM uses a shared secret that differs from the other identity providers. For example, SocialIdentityProvidersForA was created in OAM for web app A and SocialIdentityProvidersForAppB for web app B; when one of these SocialIdentityProviders is set to use a different secret, the SDK starts failing to decrypt.
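The failure mode described above, as an added example that is not Oracle's SDK code: a Go program that models a SEAToken as AES-256-CBC ciphertext with PKCS#5 padding, keeps one shared secret per identity-provider configuration, and decrypts with the secret of the provider that issued the token. Decrypting under the wrong secret yields pseudo-random bytes whose padding check fails, which is the BadPaddingException the SDK reports. The key derivation (SHA-256 of the secret), the token layout (IV prepended to the ciphertext), the provider names and the secret values are all assumptions of this example, not details taken from the SDK.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample: one shared secret per identity-provider configuration.
// The names mirror the article's example providers; the values are made up.
var providerSecrets = map[string]string{
	"SocialIdentityProvidersForA":    "shared-secret-for-app-A",
	"SocialIdentityProvidersForAppB": "shared-secret-for-app-B",
}

// ErrBadPadding plays the role of javax.crypto.BadPaddingException in the trace.
var ErrBadPadding = errors.New("invalid PKCS#5 padding")

// deriveKey maps a shared secret to a 256-bit AES key (an assumption of this
// example; the Oracle SDK's own key derivation is not shown in the article).
func deriveKey(secret string) []byte {
	sum := sha256.Sum256([]byte(secret))
	return sum[:]
}

// pkcs5Unpad validates the trailing padding and strips it. A wrong key yields
// pseudo-random bytes, so the length byte is usually out of range, exactly like
// "Invalid PKCS#5 padding length: 132" in the trace.
func pkcs5Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, ErrBadPadding
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, fmt.Errorf("%w: padding length %d", ErrBadPadding, n)
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, ErrBadPadding
		}
	}
	return b[:len(b)-n], nil
}

// encryptToken returns IV || AES-256-CBC(PKCS#5-padded plaintext) under secret.
func encryptToken(secret string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(secret))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte{}, plaintext...)
	padded = append(padded, bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(iv, ct...), nil
}

// decryptToken reverses encryptToken and surfaces a padding error on key mismatch.
func decryptToken(secret string, token []byte) ([]byte, error) {
	if len(token) < 2*aes.BlockSize || len(token)%aes.BlockSize != 0 {
		return nil, errors.New("token is too short or not block-aligned")
	}
	block, err := aes.NewCipher(deriveKey(secret))
	if err != nil {
		return nil, err
	}
	iv, ct := token[:aes.BlockSize], token[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs5Unpad(pt)
}

// decryptForProvider looks up the secret configured for the provider that
// issued the token, instead of assuming all providers share one secret.
func decryptForProvider(provider string, token []byte) ([]byte, error) {
	secret, ok := providerSecrets[provider]
	if !ok {
		return nil, fmt.Errorf("no shared secret configured for provider %q", provider)
	}
	return decryptToken(secret, token)
}

func main() {
	attrs := []byte(`{"uid":"jdoe","mail":"jdoe@example.com"}`) // constructed profile attributes
	token, _ := encryptToken(providerSecrets["SocialIdentityProvidersForA"], attrs)
	for p := range providerSecrets {
		pt, err := decryptForProvider(p, token)
		fmt.Printf("%s: plaintext=%q err=%v\n", p, pt, err)
	}
}
```

A padding error from a symmetric decrypt is a key-mismatch symptom rather than a padding problem in the token itself, so when one provider in OAM is reconfigured with its own secret, the first thing to check is whether the consuming service selects that provider's secret or still decrypts everything with a single shared one.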


Cause
