Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE


Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

franck le calloch
Hello,

On a test platform I am trying version 5 of uPortal.

I wanted to set up 'clearpass' to accept encrypted passwords (via CAS V5.2).

In the uPortal logs I am stuck on the following error:

ERROR [ajp-nio-8009-exec-5-guest] o.a.p.s.p.c.CasAssertionSecurityContext 2019-05-17 09: 50: 12,006 - Can not load key from file: /etc/ssl/certs/cas/private.p8
java.security.NoSuchAlgorithmException: 'RSA' KEYFACTORY NOT AVAILABLE

I followed the documentation by generating the keys:

openssl genrsa -out private.key 1024

openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER

openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8

and in uPortal.properties I have:

## Flag to determine if the portal should convert Assertion attributes to user attributes - defaults to false
org.apereo.portal.security.cas.assertion.copyAttributesToUserAttributes = true

## Flag to determine if credential attribute from CAS should be decrypted to password - defaults to false
org.apereo.portal.security.cas.assertion.decryptCredentialToPassword = true

## Unsigned private key in PKCS8 format for credential decryption (for decryptCredentialToPassword)
org.apereo.portal.security.cas.assertion.decryptCredentialToPasswordPrivateKey = /etc/ssl/certs/cas/private.p8

Any idea?

Thank you

-- 

Le Calloch Franck

Ecoles de Saint-Cyr Coëtquidan

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/a9b3df5a-7dce-4acc-a672-85546998117c%40apereo.org.

Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

Christian Cousquer


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

Christian Cousquer
For the French documentation for uPortal:
http://jasig.github.io/uPortal/fr/implementer/authentification/cas.html
Regards,
Christian


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

Julien Gribonvald
In reply to this post by franck le calloch

From a web search it seems that this comes from your Java install. Which version of Java is running your uPortal? And which exact uPortal version are you using?

Julien

On 22/05/2019 at 09:58, franck le calloch wrote:
Thanks for this information.
I did indeed follow the documentation.
CAS does return the encrypted credential.

My problem is on the uPortal side.
I do not understand why it does not read the private key:

o.a.p.s.p.c.CasAssertionSecurityContext 2019-05-17 09: 50: 12,006 - Can not load key from file: /etc/ssl/certs/cas/private.p8
java.security.NoSuchAlgorithmException: 'RSA' KEYFACTORY NOT AVAILABLE

I am stuck


--
Julien Gribonvald


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

franck le calloch
In reply to this post by franck le calloch
Thank you for your help.
Java version is: openjdk version "1.8.0_181"
the OS is: Debian 9
and uPortal is: uPortal-start version 5, updated via git

JCE is installed, but I still have the error.

Perhaps another detail: I have this in the log:

Jasypt support for encrypted property values DISABLED;  specify environment variable UP_JASYPT_KEY

Another idea?
Thanks
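
A stand-alone check for the Java side of this error, added here as an example; it is not code from any post in this thread or from uPortal, and the class name RsaKeyFactoryCheck is made up. It lists which installed JCA providers register an RSA KeyFactory, shows that the JDK echoes the requested algorithm name verbatim in the exception text, and parses a PKCS#8 DER key the way the openssl commands in the first post produce it (a generated throwaway key is used when no file is given).

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;

// Hypothetical diagnostic class; not part of uPortal.
public class RsaKeyFactoryCheck {

    /** Names of installed JCA providers that register a KeyFactory under exactly this name. */
    static List<String> providersFor(String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyFactory", algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /** Parses an unencrypted PKCS#8 DER key, the output of `openssl pkcs8 -topk8 -outform DER -nocrypt`. */
    static RSAPrivateKey loadPkcs8(byte[] der) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return (RSAPrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("JVM: " + System.getProperty("java.vendor") + " "
                + System.getProperty("java.version") + " (" + System.getProperty("java.home") + ")");

        // The JDK reports "<requested name> KeyFactory not available", so any quote
        // characters in the message were part of the name passed to getInstance().
        for (String name : new String[] {"RSA", "'RSA'"}) {
            System.out.println("KeyFactory " + name + " -> providers " + providersFor(name));
            try {
                KeyFactory.getInstance(name);
                System.out.println("  getInstance succeeded");
            } catch (NoSuchAlgorithmException e) {
                System.out.println("  " + e.getMessage());
            }
        }

        byte[] der;
        if (args.length > 0) {
            der = Files.readAllBytes(Paths.get(args[0]));   // e.g. the private.p8 from the post
        } else {
            // Constructed sample: a throwaway key; getEncoded() returns PKCS#8 DER.
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            der = gen.generateKeyPair().getPrivate().getEncoded();
        }
        RSAPrivateKey key = loadPkcs8(der);
        int bits = key.getModulus().bitLength();
        System.out.println("Parsed PKCS#8 RSA private key, modulus " + bits + " bits");
        if (bits < 2048) {
            System.out.println("  note: below the 2048-bit minimum in current guidance");
        }
    }
}
```

Run it with the same java binary and the same OS user as the servlet container, passing the key path as the only argument, so that provider configuration and file permissions match what the portal sees.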


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

Christian Cousquer
Hi Franck,

From a quick Google search: this may perhaps help you. Perhaps you need to use the Jasypt CLI tools.

See as an example:
https://github.com/Jasig/CalendarPortlet/blob/master/README.md#using-encrypted-property-values 

Best regards,
- Christian


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

franck le calloch
In reply to this post by franck le calloch
To do some testing and debugging, I would like to modify the file:

But I use uPortal-start.

Can I use the uPortal overlay to add the new Java source file?
How do I compile and deploy uPortal with the new file CasAssertionSecurityContext.java?
Thanks


Re: Uportal 5 + clearpass + error 'RSA' KEYFACTORY NOT AVAILABLE

Benito J. Gonzalez-2
Here’s my suggestion:

1. Make a directory custom/my-security
2. Create a build.gradle file in that directory, like
description = "My Custom Components for uPortal Security"

apply plugin: 'java'
apply plugin: 'eclipse'


repositories {
    mavenLocal()
    mavenCentral()
}

dependencies {
    compile "org.jasig.portal:uPortal-core:${uPortalVersion}"
    compile "org.jasig.portal:uPortal-security-core:${uPortalVersion}"
    compile "org.jasig.portal:uPortal-events:${uPortalVersion}"
    compile "org.slf4j:log4j-over-slf4j:${slf4jVersion}"
    compile "org.slf4j:jcl-over-slf4j:${slf4jVersion}"
    compile "org.slf4j:slf4j-api:${slf4jVersion}"
    compileOnly 'org.projectlombok:lombok:1.18.6'
    annotationProcessor 'org.projectlombok:lombok:1.18.6'
    compileOnly "${portletApiDependency}"
    compileOnly "${servletApiDependency}"
}
3. Edit dependencies as needed for your class(es)
4. Make directories custom/my-security/src/main/java/… (package of classes)
5. Copy custom class to appropriate directory
6. add `include 'custom:my-security'` to settings.gradle
7. add `compile project(':custom:my-security')` to dependencies section of overlays/uPortal/build.gradle

Sorry these are not the clearest instructions. Feel free to ask me to elaborate on any of these steps.

Best,
—bjagg

Benito J. Gonzalez
Software Developer
Unicon, Inc.
Voice:  480.558.2360
 Text:  209.777.2754
GitHub:  bjagg
BitBucket:  bjagg


