Failed to decrypt Assertion - Error setting private key

Article ID: 387123

Products

SITEMINDER

Issue/Introduction

Randomly (or possibly consistently) for one partnership, assertions fail to decrypt, and the following errors appear in the SM trace log:

[Saml2Validator.java][ERROR][sm-FedServer-01030] Exception has occurred, in decryptAssertionInResponse: com.netegrity.SAML2Security.SAML2EncryptDecryptException: Error in SAML2EncryptDecrypt decrypt - failed to decrypt Assertion. encrypt: Error decrypting XML Document.  Exception: Error setting private key. Incorrect private key may have been used for decryption.java.security.InvalidKeyException: unwrapping failed
...
Caused by: org.bouncycastle.crypto.InvalidWrappingException: Unable to unwrap key: input too large for RSA cipher.
...
Caused by: org.bouncycastle.crypto.internal.DataLengthException: input too large for RSA cipher.
...
Caused by: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: encrypt: Error decrypting XML Document.  Exception: Error setting private key. Incorrect private key may have been used for decryption.java.security.InvalidKeyException: unwrapping failed

Cause

Review the SM trace logs for the following message:

[Saml2Validator.java][decryptAssertionInResponse][Encrypted assertion received but no decryption alias configured]

Resolution

This error indicates that the decryption private key alias is not configured in the environment for this partnership.

Check that the decrypt certificate is configured.
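
The log review described under Cause can be scripted when several trace logs have to be checked. The following is an added example, not Broadcom or SiteMinder code: it counts the article's messages per log and reports which logs contain the missing-alias message. The log names and sample lines are constructed, and the matching assumes the message text appears verbatim somewhere in each trace line.

```python
from collections import Counter

# Message fragments copied from the trace log excerpts in this article.
MARKERS = {
    "decrypt_error": "failed to decrypt Assertion",
    "no_alias": "Encrypted assertion received but no decryption alias configured",
    "rsa_unwrap": "input too large for RSA cipher",
}

# Constructed sample input: hypothetical log names, lines shortened with "...".
SAMPLE_LOGS = {
    "server-a.log": [
        "[Saml2Validator.java][decryptAssertionInResponse]"
        "[Encrypted assertion received but no decryption alias configured]",
        "[Saml2Validator.java][ERROR][sm-FedServer-01030] Exception has occurred, "
        "in decryptAssertionInResponse: ... failed to decrypt Assertion. ...",
        "Caused by: org.bouncycastle.crypto.InvalidWrappingException: "
        "Unable to unwrap key: input too large for RSA cipher.",
    ],
    "server-b.log": [
        "[Saml2Validator.java][otherStep][unrelated constructed message]",
    ],
}

def scan(lines):
    """Count how many lines contain each of the article's messages."""
    counts = Counter()
    for line in lines:
        for name, needle in MARKERS.items():
            if needle in line:
                counts[name] += 1
    return counts

def triage(logs):
    """Map each log name to (verdict, counts) based on the messages found."""
    report = {}
    for name, lines in logs.items():
        counts = scan(lines)
        if counts["no_alias"]:
            verdict = "no decryption alias configured"
        elif counts["decrypt_error"]:
            verdict = "decrypt errors without the missing-alias message"
        else:
            verdict = "no assertion decryption errors"
        report[name] = (verdict, dict(counts))
    return report

if __name__ == "__main__":
    for log_name, (verdict, counts) in triage(SAMPLE_LOGS).items():
        print(f"{log_name}: {verdict} {counts}")
```

To use it on real logs, pass `triage` a dict that maps each log name to an open file or a list of its lines.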