1 Reply Latest reply on Jun 24, 2014 10:31 AM by Claudio Miranda

    Picketlink SAML SEAM module - "Encountered encrypted assertion. Skipping it because decryption is not yet supported."

    Daniel Ruiz Newbie

      Hello,

       

      i'm trying to use SAML authentication with a seam 2.3 application. Right now the applicaction is able to request the IDP for authentication and when the user fills username and password correctly it sends back the response. The problem is the assertions the IDP sends are encrypted and it seems not to be supported by the module. Using the debugger i've reached the point (at class org.picketlink.identity.seam.federation.SamlSingleSignOnReceiver) where the following message is displayed:

       

      "Encountered encrypted assertion. Skipping it because decryption is not yet supported."

       

      Is this decryption supported in any version of the seam module? I'm using 1.0.4

       

      In case not, what are the posbile options? Is there any other way to use SAML whit seam 2.3?

       

      Thank you very much,

      Daniel

        • 1. Re: Picketlink SAML SEAM module - "Encountered encrypted assertion. Skipping it because decryption is not yet supported."
          Claudio Miranda Apprentice

          See if this helps to understand the reason behind the integration between PL and se. Use a SeamFilter to create the Seam Identity, and call the authenticator.authenticate to return true.

           

          See a snippet of the Seam Filter

           

          Principal userPrincipal = request.getUserPrincipal();
          
          if (userPrincipal != null && userPrincipal.getName() != null) {
              String username = userPrincipal.getName();
              if (username != null && !identity.isLoggedIn()) {
          
          new ContextualHttpServletRequest(request) {
              @Override
              public void process() throws ServletException, IOException, LoginException {
                  Identity identity = Identity.instance();
                  identity.getCredentials().setUsername(userPrincipal.getName());
                  identity.authenticate();
              }
          }.run();