[IdP] Error occurred while decoding OAEP padding.

Forge Component
Published on 4 Aug by Telmo Martins

Hi,

Recently started receiving failed SAML messages from ADFS.

We are using cloud and before reloading the metadata we were getting 

Error processing response. Cannot find the requested object


Reloaded the metadata, then got

Error processing response. Error occurred while decoding OAEP padding.

Here is the response

<samlp:Response ID="_277dc6c4-bb75-4689-a420-92339a923bda" Version="2.0" IssueInstant="2019-01-23T02:36:36.262Z" Destination="https://mm-dev.outsystemsenterprise.com/IdP/SSO.aspx" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="id_t20_39d860b6c65e4f8c81e435f2fd1b3432" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://federation.mmem.com.au/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData Type="https://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="https://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="https://www.w3.org/2001/04/xmlenc#aes256-cbc" /><KeyInfo xmlns="https://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="https://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="https://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="https://www.w3.org/2000/09/xmldsig#sha1" /></e:EncryptionMethod><KeyInfo><ds:X509Data xmlns:ds="https://www.w3.org/2000/09/xmldsig#"><ds:X509IssuerSerial><ds:X509IssuerName>CN=OS_SP</ds:X509IssuerName><ds:X509SerialNumber>3301418846879454358</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></KeyInfo><e:CipherData><e:CipherValue>W+yRne6gPQJRSnQ3rZfjNZTE389Hw0CVsW3dmcl2+Bun0cUnq1jPVJI1ccozfFLEy4HdASIlN+iUxLD0+59YOkZYoUaMVPH1+ttSNrKqhnAwXXtmQ8Kkv8gPyrIcey6SIiC196fhoL/MBjVW9aKkfuUrWqW3G3iI3pmtdYNRAdWmKYL0srPPbgi21P2far3dz1JjtUSdhbILWibFA4O+73QOsdrhmaLUjrpG5O7ByRDKQVWCQc31w1d92iN+kHTWTDo23AWbhGjY+O03t1Qz1/fqx/hOEhjw7sQHDdPxa80sP2hTlCIu66hSU2gzPx8XOufCul1nsgBnYbw/lo0Yuw==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion></samlp:Response>


I noted on a similar post that the keystore was required, so I have attached it.

Hopefully I have attached everything needed to diagnose.



Forgot to Attach Keystore

Solution

Hi Neil,

Usually that error occurs when we are using the wrong keystore (i.e., private key) to decrypt the assertion. If before it was working, or in the past ADFS was not encrypting the assertion, or the configured certificates changed. However, I would say to go to the IdP component, export the sp_metadata xml file and import it again on ADFS to refresh the configuration regarding this SP client.

Regards
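
A quick way to check the wrong-keystore case described above is to read which certificate the IdP encrypted the session key for (the `X509IssuerSerial` inside `EncryptedKey`) and compare it with the certificate in the SP keystore. This is an added example, not code from the thread or from the IdP component; the function names and the sample response are constructed, and elements are matched by local name so the namespace URI variant does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same structure as the response in the question, with
# placeholder issuer/serial and no ciphertext (not the values from the thread).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<KeyInfo><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=EXAMPLE_SP</ds:X509IssuerName>
<ds:X509SerialNumber>305419896</ds:X509SerialNumber>
</ds:X509IssuerSerial></ds:X509Data></KeyInfo>
</e:EncryptedKey></KeyInfo></xenc:EncryptedData></EncryptedAssertion></samlp:Response>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def encrypted_key_recipient(response_xml):
    """Return algorithm, issuer and serial of the first EncryptedKey, or None."""
    root = ET.fromstring(response_xml)
    for el in root.iter():
        if local(el.tag) != "EncryptedKey":
            continue
        info = {"algorithm": None, "issuer": None, "serial": None}
        for child in el.iter():
            name = local(child.tag)
            if name == "EncryptionMethod":
                info["algorithm"] = child.get("Algorithm")
            elif name == "X509IssuerName":
                info["issuer"] = (child.text or "").strip()
            elif name == "X509SerialNumber":
                # XML-DSig carries the serial in decimal
                info["serial"] = int((child.text or "").strip())
        return info
    return None


def keystore_matches(response_xml, cert_issuer, cert_serial_hex):
    """Compare with the keystore cert; certificate tools show the serial in hex."""
    info = encrypted_key_recipient(response_xml)
    if info is None or info["serial"] is None:
        return False
    serial = int(cert_serial_hex.replace(":", "").replace(" ", ""), 16)
    # Exact DN string match; reformatted DNs (spacing, RDN order) need normalising
    return info["issuer"] == cert_issuer and info["serial"] == serial


if __name__ == "__main__":
    print(encrypted_key_recipient(SAMPLE))
    print(keystore_matches(SAMPLE, "CN=EXAMPLE_SP", "12:34:56:78"))
```

A mismatch here means the IdP is encrypting to a certificate other than the one in the keystore, which is the situation that surfaces as the OAEP padding error.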


Telmo Martins wrote:

Hi Neil,

Usually that error occurs when we are using the wrong keystore (i.e., private key) to decrypt the assertion. If before it was working, or in the past ADFS was not encrypting the assertion, or the configured certificates changed. However, I would say to go to the IdP component, export the sp_metadata xml file and import it again on ADFS to refresh the configuration regarding this SP client.

Regards

Hi Telmo,

Thanks, the guy who looks after the ADFS won't be available until tomorrow. I will get him to try it and I will report back then.



Hi,

Issue is solved. It seems that when ADFS issues the Federation.xml it can issue expired certificates even though active ones are present. Security Guy had to physically delete the old certs from ADFS, then the federation.xml, when applied, had the correct certificates and it worked.

Thanks