1 Reply Latest reply on Jan 25, 2017 7:34 AM by pradhap1125

"SigningKey cannot be null" when using keystore file in the sample apps

mitusingh27 Mar 1, 2013 2:27 AM

I installed and setup Picketlink for working with SAML. I was successfully able to use the sample applications with their default configurations. I want to use the sales-post-sig as the SP and my own IDP. For doing this, I created a new keystore file using this command

keytool -genkey -alias myAlias -keyalg RSA -keystore keystore.jks

I set keystore password to "password"

I set Key password to "secret"

I added my IDP's cert file to the keystore using this command:

keytool import -trustcacerts -alias certAlias -file idp.cert -keystore keystore.jks

The cert gets added. I checked this using:

keytool -list -v -keystore keystore.jks

I put this keystore.jks in the java/resources folder.

I modified the picketlink.xml file with the following information:

i build sales-post-sig.war and deploy it on JBoss.It deploy correctly. When I try to access it using http://localhost:8080/sales-post-sig, I get the following error

Caused by: javax.xml.crypto.dsig.XMLSignatureException: PLFED000100: Signing Process Failure

at org.picketlink.identity.federation.PicketLinkLoggerImpl.signatureError(PicketLinkLoggerImpl.java:99) [picketlink-jbas7-2.1.5.Final.jar:2.1.5.Final]

... 18 more

Caused by: java.lang.NullPointerException: signingKey cannot be null

at javax.xml.crypto.dsig.dom.DOMSignContext.<init>(DOMSignContext.java:96) [xmlsec-1.5.1.jar:1.5.1]

at org.picketlink.identity.federation.core.util.XMLSignatureUtil.sign(XM

LSignatureUtil.java:345) [picketlink-core-2.1.5.Final.jar:2.1.5.Final]

at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sig

n(SAML2Signature.java:190) [picketlink-core-2.1.5.Final.jar:2.1.5.Final]

at org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature.sig

nSAMLDocument(SAML2Signature.java:259) [picketlink-core-2.1.5.Final.jar:2.1.5.Fi

nal]

Is there anything wrong with the keystore or cert file? Am I missing any step to set the sample sp with my IDP? What is signingkeyValue and where can I set it?

Thanks in advance!

-Mitu

1. Re: "SigningKey cannot be null" when using keystore file in the sample apps

pradhap1125 Jan 25, 2017 7:34 AM (in response to mitusingh27)

Hi,

1)The above error you are getting because you have imported a certificate with alias name as "certAlia" and you have given the same in <Auth Key="SigningKeyAlias"   Value="certAlias" /> .This should not be done .Change the value to the alias name of the keystore which you might have given while creating the keystore

2) If you are going with different keystores for your idp and sp ,create a certificate for idp using keytool and import it in sp's keystore .similarly create one certificate    for sp and import the same in idp's keystore.

   3) <Auth Key="SigningKeyPass" Value="secret" />
            <Auth Key="SigningKeyAlias" Value="certAlias" />    these attributes should be the alias name and key password of your keystore file given by you while creating the    keystore file.You should not mention alias name of the certificate file.

4)Once you are done with importing certificates in both your idp and sp keystore. add the line in both idp and sp's picketlink.xml file <ValidatingAlias Key="localhost" Value="certAlias" /> and here the value will be the alias name of the certificate you are importing .since you are doing this in your local "ValidatingAlias Key" is "localhost". otherwise it should be your application url.
Actions