Porting a SAML-project from 9 IAS to 10g

At my customer’s site all projects need to be ported from an IAS 9 environment to 10g. Normally you would think you could just redeploy the ear-files and everything would run just fine, but this isn’t the case.

For example, an application using SAML Tokens wasn’t working any more when trying to deploy it to the 10g environment. When we tried to run the application in the embedded container in JDeveloper the application didn’t work either.

No changes were made to the application, and it runs fine on 9 IAS, but it no longer runs on 10g or on the embedded OC4J in JDeveloper.

This needs some investigation, right …

The exception that was thrown by the application when trying to run it embedded was the following:

SAMLSignedObject.fromDOM() detected an XML security exception: The requested algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 does not exist.

Trying to replace the different jar-files such as xercesImpl and xalan didn’t do the trick and then finally I stumbled on a post concerning troubles with IBM-libraries and XMLSec.jar.

In the post the following was stated:

xmlsec 1.1 and the IBM JRE don’t get along. Endorsement isn’t the issue, the
algorithms have to be registered in the xmlsec config file inside the jar and
by default it doesn’t know about their JCE.

You might try dropping in the 1.2 xmlsec code, I believe they dumped the old
scheme and just use the JCE calls to get algorithms now. Another option is
to use the BouncyCastle JCE, if it even runs with IBM’s JRE.

So I thought it might be a problem with the JDK version we were using: the older version used JDK 1.4.2 and now, with JDeveloper, we were using JDK 1.5.

So let’s try the same proposition as for IBM: download the latest version of the XML security library.

We downloaded the latest version of the xmlsec libraries from Apache (http://santuario.apache.org/download.html), the library xmlsec-1.4.1.jar.

We retested the application and now everything runs fine.

I’ve read that a lot of people are running into this error in IAS 10g; please replace the library and try again.
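
An added diagnostic, not part of the original post: a small Java class that reports whether the running JRE's JCE providers offer SHA1withRSA (the algorithm behind the URI in the exception) and which jar the XML Security library is actually loaded from. The class name XmlSecCheck is hypothetical; org.apache.xml.security.Init is the library's own initialization class and is looked up by reflection so the check also runs when the jar is missing.

```java
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

// Hypothetical diagnostic class (added example, not from the original post).
// Run it with the same JDK and classpath as the failing application.
public class XmlSecCheck {

    // JCE name of the signature algorithm identified by
    // http://www.w3.org/2000/09/xmldsig#rsa-sha1
    private static final String JCE_NAME = "SHA1withRSA";

    public static void main(String[] args) {
        reportJce();
        reportXmlSecJar();
    }

    // Does any installed JCE provider implement the algorithm?
    static void reportJce() {
        System.out.println("java.version = " + System.getProperty("java.version"));
        try {
            Signature sig = Signature.getInstance(JCE_NAME);
            System.out.println(JCE_NAME + " provided by " + sig.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println(JCE_NAME + " not offered by any installed provider:");
            for (Provider p : Security.getProviders()) {
                System.out.println("  " + p.getName() + " - " + p.getInfo());
            }
        }
    }

    // Which jar does the XML Security library really come from?
    static void reportXmlSecJar() {
        try {
            Class<?> init = Class.forName("org.apache.xml.security.Init");
            CodeSource src = init.getProtectionDomain().getCodeSource();
            Package pkg = init.getPackage();
            System.out.println("xmlsec loaded from: "
                    + (src == null ? "unknown location" : src.getLocation().toString()));
            System.out.println("manifest version:   "
                    + (pkg == null ? null : pkg.getImplementationVersion()));
        } catch (ClassNotFoundException e) {
            System.out.println("org.apache.xml.security.Init is not on the classpath");
        }
    }
}
```

If the JCE check succeeds but the reported jar is not the xmlsec-1.4.1.jar you deployed, another copy of the library is being resolved first. Inside an application server, call the two report methods from the deployed application itself, since the container's class loaders may differ from a command-line classpath.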


About nathalieroman