SAML authentication: NullPointerException at JCEMapper.getJCEKeyAlgorithmFromURI

Problem

Authentication using an external authentication method over the SAML protocol fails when the user returns to the Ubisecure SSO IDP, and the following error message appears in the Tomcat logs.

java.lang.NullPointerException
        at com.ubisecure.externals.apache.xml.security.algorithms.JCEMapper.getJCEKeyAlgorithmFromURI(JCEMapper.java:127)

Solution

This error usually occurs when the algorithm used to encrypt the authentication response is not supported by SSO. Ubisecure SSO currently uses XMLSec version 1.4.5, and the external authenticator service must be configured to send the response using one of the supported algorithms.

For block encryption SSO supports the following:
        http://www.w3.org/2001/04/xmlenc#tripledes-cbc
        http://www.w3.org/2001/04/xmlenc#aes128-cbc
        http://www.w3.org/2001/04/xmlenc#aes192-cbc
        http://www.w3.org/2001/04/xmlenc#aes256-cbc

For key encryption SSO supports the following:
        http://www.w3.org/2001/04/xmlenc#rsa-1_5
        http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p


See the following for more detailed information: https://github.com/apache/santuario-java/blob/1.4.5/src/org/apache/xml/security/resource/config.xml