org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied to verify signature)
Issue
I'm trying to configure an STS (SAML Token Service) using CXF, and I'm getting the following error:
15:36:34,375 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/127.0.0.1:8180-1) Interceptor for {urn:picketlink:identity-federation:sts}PicketLinkSTS#{urn:picketlink:identity-federation:sts}IssueToken has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault: General security error (WSSecurityEngine: No crypto property file supplied to verify signature)
at org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor.processToken(SamlTokenInterceptor.java:127) [cxf-rt-ws-security-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:101) [cxf-rt-ws-security-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.ws.security.wss4j.AbstractTokenInterceptor.handleMessage(AbstractTokenInterceptor.java:61) [cxf-rt-ws-security-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262) [cxf-api-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:237) [cxf-rt-transports-http-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:95)
at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:156)
at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
[snip]
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto property file supplied to verify signature)
at org.apache.ws.security.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:64) [wss4j-1.6.9-redhat-2.jar:1.6.9-redhat-2]
at org.apache.ws.security.validate.SamlAssertionValidator.verifySignedAssertion(SamlAssertionValidator.java:121) [wss4j-1.6.9-redhat-2.jar:1.6.9-redhat-2]
at org.apache.ws.security.validate.SamlAssertionValidator.validate(SamlAssertionValidator.java:100) [wss4j-1.6.9-redhat-2.jar:1.6.9-redhat-2]
at org.apache.ws.security.processor.SAMLTokenProcessor.handleSAMLToken(SAMLTokenProcessor.java:188) [wss4j-1.6.9-redhat-2.jar:1.6.9-redhat-2]
at org.apache.ws.security.processor.SAMLTokenProcessor.handleToken(SAMLTokenProcessor.java:78) [wss4j-1.6.9-redhat-2.jar:1.6.9-redhat-2]
at org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor.processToken(SamlTokenInterceptor.java:172) [cxf-rt-ws-security-2.6.6-redhat-3.jar:2.6.6-redhat-3]
at org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor.processToken(SamlTokenInterceptor.java:94) [cxf-rt-ws-security-2.6.6-redhat-3.jar:2.6.6-redhat-3]
... 27 more
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.