HTTP ERROR 500 Problem accessing /sso/saml2/login. Reason: Server Error

Document ID : KB000125508
Last Modified Date : 30/01/2019
Show Technical Document Details
Issue:
HTTP ERROR 500 Problem accessing /sso/saml2/login. Reason: Server Error Caused by: java.lang.RuntimeException: Unable to marshall the protocol message for request: org.opensaml.saml2.core.impl.AuthnRequestImpl@6f9face8 at common.saml2.MessageEncoder.generateRedirectURL(MessageEncoder.java:64) at common.saml2.AuthenticationRequest.generateRedirectURL(AuthenticationRequest.java:80) at common.sso.saml2.SAML2Login.saml2Login(SAML2Login.java:165) at common.sso.saml2.SAML2Login.doGet(SAML2Login.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685) at com.ca.im.portal.common.web.security.RequestFilter.doFilter(RequestFilter.java:26) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.eclipse.jetty.server.Server.handle(Server.java:517) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572) at java.lang.Thread.run(Thread.java:748) Caused by: org.opensaml.ws.message.encoder.MessageEncodingException: The signing credential's algorithm URI could not be derived at org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder.getSignatureAlgorithmURI(HTTPRedirectDeflateEncoder.java:222) at org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder.buildRedirectURL(HTTPRedirectDeflateEncoder.java:187) at common.saml2.MessageEncoder.generateRedirectURL(MessageEncoder.java:57) ... 37 more Caused by: org.opensaml.ws.message.encoder.MessageEncodingException: The signing credential's algorithm URI could not be derived at
Environment:
CA Performance Mangement
Cause:

Currently, there can only be one certificate in the SAML2 keystore referenced from the saml2.properties file.

When listing the keystore you should only see one key pair.

 

Resolution:

Make sure the SAML keystore only contains the one key pair.

The root and any intermediates are imported into the Java cacerts keystore per the documentation

 

Additional Information:

https://docops.ca.com/ca-performance-management/3-6/en/administrating/single-sign-on/set-up-saml-2-0-support/how-to-set-up-saml-authentication/set-up-saml-certificates