[IdP] Error occurred while decoding OAEP padding.
Forge asset by João Barata

Hi,

I recently started receiving failed SAML messages from ADFS.

We are using cloud, and before reloading the metadata we were getting:

Error processing response. Cannot find the requested object

I reloaded the metadata and then got:

Error processing response. Error occurred while decoding OAEP padding.

Here is the response:

<samlp:Response ID="_277dc6c4-bb75-4689-a420-92339a923bda" Version="2.0" IssueInstant="2019-01-23T02:36:36.262Z" Destination="https://mm-dev.outsystemsenterprise.com/IdP/SSO.aspx" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="id_t20_39d860b6c65e4f8c81e435f2fd1b3432" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://federation.mmem.com.au/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData Type="https://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="https://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="https://www.w3.org/2001/04/xmlenc#aes256-cbc" /><KeyInfo xmlns="https://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="https://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="https://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="https://www.w3.org/2000/09/xmldsig#sha1" /></e:EncryptionMethod><KeyInfo><ds:X509Data xmlns:ds="https://www.w3.org/2000/09/xmldsig#"><ds:X509IssuerSerial><ds:X509IssuerName>CN=OS_SP</ds:X509IssuerName><ds:X509SerialNumber>3301418846879454358</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></KeyInfo><e:CipherData><e:CipherValue>W+yRne6gPQJRSnQ3rZfjNZTE389Hw0CVsW3dmcl2+Bun0cUnq1jPVJI1ccozfFLEy4HdASIlN+iUxLD0+59YOkZYoUaMVPH1+ttSNrKqhnAwXXtmQ8Kkv8gPyrIcey6SIiC196fhoL/MBjVW9aKkfuUrWqW3G3iI3pmtdYNRAdWmKYL0srPPbgi21P2far3dz1JjtUSdhbILWibFA4O+73QOsdrhmaLUjrpG5O7ByRDKQVWCQc31w1d92iN+kHTWTDo23AWbhGjY+O03t1Qz1/fqx/hOEhjw7sQHDdPxa80sP2hTlCIu66hSU2gzPx8XOufCul1nsgBnYbw/lo0Yuw==</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>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</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion></samlp:Response>


I noted on a similar post that the keystore was required, so I have attached it.

Hopefully I have attached everything needed to diagnose.



Telmo Martins
Staff
Solution

Hi Neil,

Usually that error occurs when we are using the wrong keystore (i.e., private key) to decrypt the assertion. If before it was working, or in the past ADFS was not encrypting the assertion, or the configured certificates changed. However, I would say to go to the IdP component, export the sp_metadata XML file and import it again on ADFS to refresh the configuration regarding this SP client.

Regards

Neil Evans

Telmo Martins wrote:

Hi Neil,

Usually that error occurs when we are using the wrong keystore (i.e., private key) to decrypt the assertion. If before it was working, or in the past ADFS was not encrypting the assertion, or the configured certificates changed. However, I would say to go to the IdP component, export the sp_metadata XML file and import it again on ADFS to refresh the configuration regarding this SP client.

Regards

Hi Telmo,

Thanks. The guy who looks after the ADFS won't be available until tomorrow; I will get him to try it and I will report back then.



Neil Evans

Forgot to Attach Keystore

autogen_keystore_024220_passwd_P931569.zip
Neil Evans

Hi,

Issue is solved. It seems that when ADFS issues the Federation.xml it can issue expired certificates even though active ones are present. Security Guy had to physically delete the old certs from ADFS, then the federation.xml, when applied, had the correct certificates and it worked.

Thanks
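
The check implied by the accepted answer, as an added example that is not part of the original thread: read from the response which certificate (issuer and serial) and which key-transport algorithm ADFS used to wrap the AES key, then compare that with the certificate in the SP keystore. The function names and the trimmed sample are constructed for illustration; elements are matched by local name, so the namespace URIs can be exactly as posted above.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml

# Constructed sample: structure and identifiers follow the response in the
# question; both CipherValue payloads are replaced by a placeholder.
XENC, DSIG = "http://www.w3.org/2001/04/xmlenc#", "http://www.w3.org/2000/09/xmldsig#"
SAMPLE = f"""<EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <x:EncryptedData xmlns:x="{XENC}" xmlns:ds="{DSIG}">
  <x:EncryptionMethod Algorithm="{XENC}aes256-cbc"/>
  <ds:KeyInfo><x:EncryptedKey>
   <x:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p">
    <ds:DigestMethod Algorithm="{DSIG}sha1"/>
   </x:EncryptionMethod>
   <ds:KeyInfo><ds:X509Data><ds:X509IssuerSerial>
    <ds:X509IssuerName>CN=OS_SP</ds:X509IssuerName>
    <ds:X509SerialNumber>3301418846879454358</ds:X509SerialNumber>
   </ds:X509IssuerSerial></ds:X509Data></ds:KeyInfo>
   <x:CipherData><x:CipherValue>PLACEHOLDER</x:CipherValue></x:CipherData>
  </x:EncryptedKey></ds:KeyInfo>
  <x:CipherData><x:CipherValue>PLACEHOLDER</x:CipherValue></x:CipherData>
 </x:EncryptedData>
</EncryptedAssertion>"""

def first_el(root, name):
    """First element whose local name (namespace ignored) equals `name`."""
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def algorithm(el):
    return el.get("Algorithm", "").rsplit("#", 1)[-1] if el is not None else None

def key_recipient(xml_text):
    """Which certificate and algorithms did the IdP use to wrap the AES key?"""
    enc_key = first_el(ET.fromstring(xml_text), "EncryptedKey")
    if enc_key is None:
        return None  # assertion not encrypted, or key referenced elsewhere
    issuer = first_el(enc_key, "X509IssuerName")
    serial = first_el(enc_key, "X509SerialNumber")
    return {
        "key_transport": algorithm(first_el(enc_key, "EncryptionMethod")),
        "digest": algorithm(first_el(enc_key, "DigestMethod")),
        "issuer": issuer.text.strip() if issuer is not None else None,
        "serial": int(serial.text) if serial is not None else None,  # decimal in XML
    }

def matches_keystore(info, cert_issuer, cert_serial_hex):
    """Compare against the SP keystore certificate; keytool/openssl print the serial in hex."""
    squash = lambda dn: "".join(dn.split()).lower()
    return (info["serial"] == int(cert_serial_hex.replace(":", ""), 16)
            and squash(info["issuer"] or "") == squash(cert_issuer))
```

A `False` from `matches_keystore` means the response was encrypted to a different certificate than the one whose private key is in the keystore, the situation the answer above associates with the OAEP padding error.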

