000013814 - FIM Unsupported encryption algorithm error when importing partner metadata

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000013814
Applies To: RSA Federated Identity Management Module (FIM) 3.1
Issue: FIM Unsupported encryption algorithm error when importing partner metadata
2008-09-24 14:17:24,983, (SSOHelper.java:608), servera, , , , SSO top-level profile exception: , com.rsa.fim.profile.sso.SSOProfileException: Error encrypting the nameid: Unable to encrypt due to an error: Unsupported encryption algorithm
        at com.rsa.fim.profile.util.ProfileHelper.encryptOrSignResponse(ProfileHelper.java:1165)
        at com.rsa.fim.profile.sso.SSOProfileBean.processAuthnRequest(SSOProfileBean.java:1104)

This error indicates that FIM cannot determine the encryption algorithm of the certificates embedded in the metadata. 

In this instance, the following algorithm is listed in the metadata:

 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes-cbc"/>

The correct format for the algorithm should be:

 <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
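
A pre-import check for this condition, as an added example that is not RSA's code: it lists every `md:EncryptionMethod` in partner metadata whose `Algorithm` URI is not one defined by W3C XML Encryption. The function name, the sample entityID, and the assumption that FIM accepts the whole W3C list are illustrative; the article confirms only `aes128-cbc`.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Block-encryption and key-transport URIs from W3C XML Encryption 1.0/1.1.
# Assumption: the article confirms only aes128-cbc as accepted by FIM 3.1.
W3C_XMLENC_URIS = {
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes192-cbc",
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5",
    "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
    "http://www.w3.org/2009/xmlenc11#aes192-gcm",
    "http://www.w3.org/2009/xmlenc11#aes256-gcm",
    "http://www.w3.org/2009/xmlenc11#rsa-oaep",
}

def unknown_encryption_methods(metadata_xml: str):
    """Return (entityID, Algorithm) for each EncryptionMethod URI not in W3C_XMLENC_URIS."""
    # Partner metadata is untrusted input: refuse DTDs rather than parse them.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    findings = []
    for entity in root.iter(MD + "EntityDescriptor"):
        for method in entity.iter(MD + "EncryptionMethod"):
            uri = method.get("Algorithm", "")
            if uri not in W3C_XMLENC_URIS:
                findings.append((entity.get("entityID"), uri))
    return findings

# Constructed sample (certificate data omitted); the first URI is the one from the article.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://partner.example/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes-cbc"/>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for entity_id, uri in unknown_encryption_methods(SAMPLE):
        print(f"{entity_id}: unrecognized EncryptionMethod Algorithm {uri!r}")
```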

Resolution: Remove the certificates from the metadata and import the metadata without them. Manually import the certificates into the JKS file.
Legacy Article ID: a42276
