Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10926

[GSS](7.1.0) SP can not parse SAML response if namespace is declared in root element

XMLWordPrintable

      If the namespace xenc is declared in the root element of SAML response, SP throws the following exception:

      2017-05-16 17:12:24,703 ERROR [org.picketlink.common] (default task-23) Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: PL00102: Processing Exception:
              at org.picketlink.common.DefaultPicketLinkLogger.processingError(DefaultPicketLinkLogger.java:174)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:554)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:480)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler.handleStatusResponseType(SAML2AuthenticationHandler.java:142)
              at org.picketlink.identity.federation.web.process.SAMLHandlerChainProcessor.callHandlerChain(SAMLHandlerChainProcessor.java:67)
              at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.processHandlersChain(ServiceProviderSAMLResponseProcessor.java:106)
              at org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor.process(ServiceProviderSAMLResponseProcessor.java:88)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAML2Response(SPFormAuthenticationMechanism.java:530)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.handleSAMLResponse(SPFormAuthenticationMechanism.java:313)
              at org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism.authenticate(SPFormAuthenticationMechanism.java:275)
              at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:244)
              at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:230)
              at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:124)
              at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
              at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
              at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
              at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
              at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
              at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
              at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
              at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
              at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
              at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
              at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
              at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
              at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
              at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
              at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
              at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
              at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: ParsingException [location=null]org.picketlink.common.exceptions.ParsingException: PL00074: Parsing Error:The prefix "xenc" for element "xenc:EncryptedData" is not bound.
              at org.picketlink.common.DefaultPicketLinkLogger.parserError(DefaultPicketLinkLogger.java:490)
              at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:217)
              at org.picketlink.identity.federation.api.saml.v2.response.SAML2Response.convert(SAML2Response.java:512)
              at org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler$SPAuthenticationHandler.decryptAssertion(SAML2AuthenticationHandler.java:534)
              ... 37 more
      Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 2721; The prefix "xenc" for element "xenc:EncryptedData" is not bound.
              at org.apache.xerces.parsers.DOMParser.parse(DOMParser.java:245)
              at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:298)
              at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
              at org.picketlink.common.util.DocumentUtil.getDocument(DocumentUtil.java:213)
              ... 39 more
      

              psilva@redhat.com Pedro Igor Craveiro
              rhn-support-hokuda Hisanobu Okuda
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: