1. Home
  2. Support
Article - CS347636

Error "failed to decrypt assertion: XMLSecurity exception while decrypting: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block" after entering credentials in Windchill SSO environment

Modified: 04-Oct-2024   


Applies To

  • Windchill PDMLink 11.2 to 12.1
  • Windchill SSO configured with (Windchill + Shibboleth) <==> PingFederate <==> WindchillDS
  • Windchill SSO configured with (Windchill + Shibboleth) <==> ADFS

Description

  • Error below in shibd.log after entering credentials in Windchill SSO environment :
DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: validating signature profile
DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: attempting to validate signature with the peer's credentials
DEBUG XMLTooling.TrustEngine.ExplicitKey [1] [default]: signature validated with credential
DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1] [default]: signature verified against message issuer
DEBUG Shibboleth.SSO.SAML2 [1] [default]: processing message against SAML 2.0 SSO profile
DEBUG XMLTooling.CredentialCriteria [1] [default]: usage didn't match (4 != 3)
DEBUG XMLTooling.CredentialCriteria [1] [default]: key algorithm didn't match ('AES' != 'RSA')
DEBUG XMLTooling.CredentialCriteria [1] [default]: usage didn't match (4 != 3)
WARN XMLTooling.Decrypter [1] [default]: XMLSecurity exception while decrypting key: OpenSSL:RSA privateKeyDecrypt - Error removing OAEPadding
WARN XMLTooling.Decrypter [1] [default]: unable to decrypt key, generating random key for defensive purposes
ERROR Shibboleth.SSO.SAML2 [1] [default]: failed to decrypt assertion: XMLSecurity exception while decrypting: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block
  • Error in Windchill UI while login
image.png
  • When tries to login in Windchill getting the below error
opensaml::FatalProfileException at (https://<SERVER_URL>/Shibboleth.sso/SAML2/POST)

A valid authentication statement was not found in the incoming message.

 
This is a printer-friendly version of Article 347636 and may be out of date. For the latest version click CS347636