SAMLv2 keystore issues
If the Security Assertion Markup Language 2.0 (SAMLv2) keystore is configured incorrectly, you might encounter the following issues:
Examples of SAMLv2 keystore issues
The following error messages indicate that the keystore is in the wrong format. For SAMLv2, only keystores in Java Key Store (JKS) format are supported. This keystore holds the certificates and private keys used for signing and encryption.
java.io.IOException: Invalid keystore format
ERROR: mapPk2Cert.JKSKeyProvider:
java.lang.NullPointerException
ERROR: mapPk2Cert.JKSKeyProvider:
java.io.IOException: Keystore was tampered with, or password was incorrect
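One way to confirm the format before restarting the server is to inspect the file's leading bytes. The following script is an added example, not part of the BMC documentation or product; the function names are hypothetical and the sample header it falls back to is constructed.

```shell
#!/bin/sh
# Added example: identify a keystore's on-disk format from its leading bytes.
# JKS files start with FEEDFEED, JCEKS with CECECECE; PKCS#12 is DER and
# starts with an ASN.1 SEQUENCE tag (0x30); PEM starts with "-----".

hex_bytes() {   # hex_bytes FILE OFFSET COUNT -> lowercase hex, no spaces
    od -An -tx1 -j"$2" -N"$3" "$1" 2>/dev/null | tr -d ' \n'
}

keystore_format() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    case "$(hex_bytes "$1" 0 4)" in
        feedfeed) echo "JKS" ;;
        cececece) echo "JCEKS" ;;
        30*)      echo "PKCS12-or-DER" ;;
        2d2d2d2d) echo "PEM" ;;
        "")       echo "empty" ;;
        *)        echo "unknown" ;;
    esac
}

# For a JKS file, print "version entries" from the two 4-byte big-endian
# integers that follow the magic number. Fails for non-JKS or truncated files.
jks_header() {
    [ "$(keystore_format "$1")" = "JKS" ] || return 1
    v=$(hex_bytes "$1" 4 4); n=$(hex_bytes "$1" 8 4)
    [ ${#v} -eq 8 ] && [ ${#n} -eq 8 ] || return 1   # truncated header
    echo "$((0x$v)) $((0x$n))"
}

# Check the file given as $1, or a constructed 12-byte JKS header if none.
if [ $# -gt 0 ]; then
    target=$1
else
    target=$(mktemp)
    printf '\376\355\376\355\000\000\000\002\000\000\000\001' > "$target"
fi
echo "format: $(keystore_format "$target")"
jks_header "$target" || echo "not a readable JKS file: recreate or convert it to JKS"
[ $# -gt 0 ] || rm -f "$target"
```

The check reads only the unencrypted file header, so it needs no store password and cannot detect a wrong password or a damaged entry.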
The following message indicates that the files containing the passwords for the store or the key do not contain the correct values (the values must be encoded before being stored within the files):
ERROR: JKSKeyProvider: keystore file does not exist
libSAML:03/02/2011 12:42:23:418 PM CST: Thread[main,5,main]
ERROR: JKSKeyProvider: keystore password is null
The following message (displayed in the browser) indicates that the keystore file is incorrectly defined or missing:
HTTP Status 400 - Error processing AuthnRequest. Error retrieving meta data.
To view SAMLv2 logs
Follow these steps to check the SAMLv2 log files on the BMC Atrium SSO Admin Console.
- On the BMC Atrium SSO Admin Console, click Edit BmcRealm.
- On the Federation tab, open the SP or IdP for which you want to view logs.
- Click the Logging tab, and then click View to open the SP or IdP logs in a browser.
- Check whether logging is enabled for the SP or IdP.
- Click OK to close the logs.