<div dir="ltr"><div>The signature algorithm is DSA_SHA1.</div><div><br></div>Note: Sorry, didn't reply all.<br><br><div class="gmail_quote"><div dir="ltr">On Tue, May 3, 2016 at 5:02 PM Bill Burke <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>What signature algorithm is configured?<br>
</p></div><div bgcolor="#FFFFFF" text="#000000">
<br>
<div>On 5/3/2016 10:59 AM, Emanuel Couto
wrote:<br>
</div>
</div><div bgcolor="#FFFFFF" text="#000000"><blockquote type="cite">
<div dir="ltr">I'm getting the following error when trying to
connect to a SAML 2.0 identity provider:
<div><br>
</div>
<div>
<div>15:57:50,387 ERROR [org.keycloak.services] (default
task-27) couldNotSendAuthenticationRequestMessage:
org.keycloak.broker.provider.IdentityBrokerException: Could
not create authentication request.</div>
<div> at
org.keycloak.broker.saml.SAMLIdentityProvider.performLogin(SAMLIdentityProvider.java:124)</div>
<div> at
org.keycloak.services.resources.IdentityBrokerService.performLogin(IdentityBrokerService.java:157)</div>
<div> at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</div>
<div> at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</div>
<div> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div> at
java.lang.reflect.Method.invoke(Method.java:497)</div>
<div> at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)</div>
<div> at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)</div>
<div> at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)</div>
<div> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)</div>
<div> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)</div>
<div> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)</div>
<div> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)</div>
<div> at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)</div>
<div> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)</div>
<div> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)</div>
<div> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)</div>
<div> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)</div>
<div> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)</div>
<div> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)</div>
<div> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)</div>
<div> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)</div>
<div> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)</div>
<div> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)</div>
<div> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)</div>
<div> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)</div>
<div> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)</div>
<div> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)</div>
<div> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</div>
<div> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</div>
<div> at java.lang.Thread.run(Thread.java:745)</div>
<div>Caused by:
org.keycloak.saml.common.exceptions.ProcessingException:
javax.xml.crypto.dsig.XMLSignatureException: PL00100:
Signing Process Failure:</div>
<div> at
org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.signSAMLDocument(SAML2Signature.java:162)</div>
<div> at
org.keycloak.saml.BaseSAML2BindingBuilder.signDocument(BaseSAML2BindingBuilder.java:266)</div>
<div> at
org.keycloak.saml.BaseSAML2BindingBuilder$BasePostBindingBuilder.<init>(BaseSAML2BindingBuilder.java:145)</div>
<div> at
org.keycloak.protocol.saml.JaxrsSAML2BindingBuilder$PostBindingBuilder.<init>(JaxrsSAML2BindingBuilder.java:38)</div>
<div> at
org.keycloak.protocol.saml.JaxrsSAML2BindingBuilder.postBinding(JaxrsSAML2BindingBuilder.java:87)</div>
<div> at
org.keycloak.broker.saml.SAMLIdentityProvider.performLogin(SAMLIdentityProvider.java:119)</div>
<div> ... 48 more</div>
<div>Caused by: javax.xml.crypto.dsig.XMLSignatureException:
PL00100: Signing Process Failure:</div>
<div> at
org.keycloak.saml.common.DefaultPicketLinkLogger.signatureError(DefaultPicketLinkLogger.java:184)</div>
<div> ... 54 more</div>
<div>Caused by: javax.xml.crypto.dsig.XMLSignatureException:
java.security.InvalidKeyException: can't identify DSA
private key.</div>
<div> at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:403)</div>
<div> at
org.keycloak.saml.processing.core.util.XMLSignatureUtil.signImpl(XMLSignatureUtil.java:624)</div>
<div> at
org.keycloak.saml.processing.core.util.XMLSignatureUtil.sign(XMLSignatureUtil.java:347)</div>
<div> at
org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.sign(SAML2Signature.java:143)</div>
<div> at
org.keycloak.saml.processing.api.saml.v2.sig.SAML2Signature.signSAMLDocument(SAML2Signature.java:160)</div>
<div> ... 53 more</div>
<div>Caused by: java.security.InvalidKeyException: can't
identify DSA private key.</div>
<div> at
org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil.generatePrivateKeyParameter(Unknown
Source)</div>
<div> at
org.bouncycastle.jcajce.provider.asymmetric.dsa.DSASigner.engineInitSign(Unknown
Source)</div>
<div> at
java.security.Signature$Delegate.init(Signature.java:1152)</div>
<div> at
java.security.Signature$Delegate.chooseProvider(Signature.java:1112)</div>
<div> at
java.security.Signature$Delegate.engineInitSign(Signature.java:1176)</div>
<div> at
java.security.Signature.initSign(Signature.java:527)</div>
<div> at
org.apache.jcp.xml.dsig.internal.dom.DOMSignatureMethod.sign(DOMSignatureMethod.java:267)</div>
<div> at
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:399)</div>
<div> ... 57 more</div>
</div>
<div><br>
</div>
<div>I don't understand this error.</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote></div><div bgcolor="#FFFFFF" text="#000000"><blockquote type="cite"><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div></div>