IDP test connection fails when customers use their own JKS to sign the SAML Authentication Requests



Problem


IDP test connection fails when customers use their own JKS to sign the SAML Authentication Requests, and the error below is logged when SAML debugging is enabled. Clicking the Generate Metadata UI Action on the IdP record also generates no metadata.

SAML2Error: generateCredential:Private key for signing is null. Check if signing key alias is set correctly or the key password is set correctly.


Cause


This error appears when the platform is unable to retrieve the private key from your JKS in order to sign the SAML Authentication Request. This can happen for several reasons, including: the JKS does not contain the private key entry (for example, only a certificate was imported), or the Signing/Encryption Key Alias and Password on the IdP record are those of the JKS itself rather than those of the private key entry inside it.


Solution


Please make sure the following:

  1. The JKS you have uploaded to the instance is correct and includes the private key that the platform is supposed to use for signing the SAML Authentication Request.
  2. The Signing/Encryption Key Alias and Signing/Encryption Key Password fields on the IdP record hold the alias and password of the private key entry within the JKS, not the alias and password of the JKS itself.
  3. If steps 1 and 2 do not help, please open an incident with us in Hi and we'll assist accordingly.
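The check below is an added example, not part of this article or of the platform's code. It reproduces the lookup the platform performs against the JKS and reports which of the causes above applies: missing alias, a certificate-only entry with no private key, or a key password that does not unlock the private key (typically because the keystore password was entered instead). The file name, alias and passwords are hypothetical placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;

/**
 * Verifies that a JKS holds a usable private key under the alias and key
 * password that are configured on the IdP record. A private key is needed
 * for signing; a trusted-certificate entry alone is not enough.
 */
public class JksSigningKeyCheck {

    /** One outcome per cause discussed in the article. */
    public enum Result { OK, ALIAS_MISSING, NOT_PRIVATE_KEY_ENTRY, WRONG_KEY_PASSWORD }

    public static Result check(String jksPath, char[] storePassword,
                               String keyAlias, char[] keyPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(jksPath)) {
            ks.load(in, storePassword);           // store password only opens the keystore file
        }
        if (!ks.containsAlias(keyAlias)) {
            return Result.ALIAS_MISSING;          // alias typo, or alias of a different entry
        }
        if (!ks.isKeyEntry(keyAlias)) {
            return Result.NOT_PRIVATE_KEY_ENTRY;  // only a certificate was imported, no private key
        }
        try {
            // The private key is protected by its own password, which may differ
            // from the store password; this is the value the IdP record must hold.
            PrivateKey key = (PrivateKey) ks.getKey(keyAlias, keyPassword);
            return key == null ? Result.NOT_PRIVATE_KEY_ENTRY : Result.OK;
        } catch (UnrecoverableKeyException e) {
            return Result.WRONG_KEY_PASSWORD;     // e.g. keystore password entered as key password
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical values: substitute your keystore and the IdP record's alias/password.
        String jks = args.length > 0 ? args[0] : "idp-signing.jks";
        Result r = check(jks, "storepass".toCharArray(),
                         "saml-signing", "keypass".toCharArray());
        System.out.println("Signing key check: " + r);
    }
}
```

Only a result of OK means the platform can obtain the private key with the configured alias and password; any other result points at the corresponding item in the list above.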

Article Information

Last Updated: 2018-05-16 10:46:43
Published: 2018-05-16