000014808 - FIM error 'Unable to load the keystore from keystore file location'

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014808
Applies ToFederated Identity Management Module 4.1

Error in FIM web browser:

Error message: Exception encountered at the top-level of the profile bean: The assertion could not be decrypted: Unable to decrypt due to an error: Unable to load the keystore from keystore file location Error stack trace: com.rsa.fim.profile.sso.SSOProfileException: Exception encountered at the top-level of the profile bean: The assertion could not be decrypted: Unable to decrypt due to an error: Unable to load the keystore from keystore file location at com.rsa.fim.profile.sso.SSOHelper.handleThrowable(SSOHelper.java:638) at com.rsa.fim.profile.sso.SAML20SSOService.processResponse(SAML20SSOService.java:1888) at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:179) at com.rsa.fim.profile.common.FIMProfileBean.processResponse(FIMProfileBean.java:69) at com.rsa.fim.profile.common.FIMProfile_mzkd72_EOImpl.processResponse(FIMProfile_mzkd72_EOImpl.java:157) at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:78) at com.rsa.fim.servlet.sso.AssertionConsumerService.doPost(AssertionConsumerService.java:39) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at com.rsa.fim.servlet.FIMGenericServletFilter.doFilter(FIMGenericServletFilter.java:38) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200) at weblogic.work.ExecuteThread.run(ExecuteThread.java:172) Caused by: com.rsa.fim.exception.ProfileException: The assertion could not be decrypted: Unable to decrypt due to an error: Unable to load the keystore from keystore file location at com.rsa.fim.profile.util.ProfileHelper.decryptAssertions(ProfileHelper.java:1587) at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1421) at com.rsa.fim.profile.sso.SAML20SSOService.processResponse(SAML20SSOService.java:1471) ... 22 more Caused by: com.rsa.fim.exception.CryptoUtilException: Unable to decrypt due to an error: Unable to load the keystore from keystore file location at com.rsa.fim.util.crypto.EncryptionHelper.decrypt(EncryptionHelper.java:398) at com.rsa.fim.util.crypto.EncryptionHelper.getAssertionsInResponse(EncryptionHelper.java:442) at com.rsa.fim.profile.util.ProfileHelper.decryptAssertions(ProfileHelper.java:1582) ... 24 more Caused by: com.rsa.fim.exception.CryptoUtilException: Unable to load the keystore from keystore file location at com.rsa.fim.util.crypto.EncryptionHelper.decrypt(EncryptionHelper.java:347) ... 26 more

IssueFIM error "Unable to load the keystore from keystore file location"

Error in FIM System.log

2009-08-28 13:48:31,953, (SSOHelper.java:632), vdc-image001, , , , SSO top-level profile exception: , com.rsa.fim.exception.ProfileException: The assertion could not be decrypted: Unable to decrypt due to an error: Unable to load the keystore from keystore file location
 at com.rsa.fim.profile.util.ProfileHelper.decryptAssertions(ProfileHelper.java:1587)
 at com.rsa.fim.profile.util.ProfileHelper.decryptOrVerifyResponse(ProfileHelper.java:1421)
 at com.rsa.fim.profile.sso.SAML20SSOService.processResponse(SAML20SSOService.java:1471)
 at com.rsa.fim.profile.sso.SSOProfileBean.processResponse(SSOProfileBean.java:179)
 at com.rsa.fim.profile.common.FIMProfileBean.processResponse(FIMProfileBean.java:69)
 at com.rsa.fim.profile.common.FIMProfile_mzkd72_EOImpl.processResponse(FIMProfile_mzkd72_EOImpl.java:157)
 at com.rsa.fim.servlet.sso.AssertionConsumerService.doGet(AssertionConsumerService.java:78)
 at com.rsa.fim.servlet.sso.AssertionConsumerService.doPost(AssertionConsumerService.java:39)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:226)
 at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:124)
 at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
 at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
 at com.rsa.fim.servlet.FIMGenericServletFilter.doFilter(FIMGenericServletFilter.java:38)
 at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(Unknown Source)
 at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2140)
 at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2046)
 at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: com.rsa.fim.exception.CryptoUtilException: Unable to decrypt due to an error: Unable to load the keystore from keystore file location
 at com.rsa.fim.util.crypto.EncryptionHelper.decrypt(EncryptionHelper.java:398)
 at com.rsa.fim.util.crypto.EncryptionHelper.getAssertionsInResponse(EncryptionHelper.java:442)
 at com.rsa.fim.profile.util.ProfileHelper.decryptAssertions(ProfileHelper.java:1582)
 ... 24 more
Caused by: com.rsa.fim.exception.CryptoUtilException: Unable to load the keystore from keystore file location
 at com.rsa.fim.util.crypto.EncryptionHelper.decrypt(EncryptionHelper.java:347)
 ... 26 more

CauseThe Service Provider does not have a valid Decryption Truststore defined.
Resolution

Under Entities/Local Entities/Manage Existing,

Select the Service Provider Entity from the list and select "Edit Basics"

Under the "Signing and Decryption - Messages and Assertions" area in the "Decryption Keystore Entries" area select an available keystore and add it to the Entity.

Legacy Article IDa47272

Attachments

    Outcomes