Error parsing metadata XML for Identity Provider (IdP) Name test

Vikram Saxena HCL

Hi Team,

We are getting issue on OTDS SAML login with warning message in otds logs.

Since we are not able to find out what certificate expired at java or tomcat level. We already renew all tomcat and cacerts. IDP file has been uploaded on 19 August 2022 with no issue during that time. Can someone also faced this issue and let know what will be the action requires.

OTDS Version: 10.5.0 SP1 with Patch 6

java.security.cert.CertificateExpiredException: NotAfter: Wed Aug 24 02:59:59 EEST 2022

at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)

at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:575)

at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:548)

at com.opentext.otds.as.drivers.saml.SAML2Handler.parseProviderInfo(SAML2Handler.java:1612)

at com.opentext.otds.as.drivers.saml.SAML2Handler.getIDPInfo(SAML2Handler.java:1851)

at com.opentext.otds.as.drivers.saml.SAML2Handler.process(SAML2Handler.java:1903)

at com.opentext.otds.as.OtdsAuthenticationManager.authenticate(OtdsAuthenticationManager.java:588)

at com.opentext.otds.as.ASHTTPService.service(ASHTTPService.java:503)

at com.opentext.otds.as.AsServlet.service(AsServlet.java:132)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

at org.apache.catalina.core.ApplicationFilterChain.doFilter

Regards,

Vikram Saxena

Find more posts tagged with

Comments

Vikram Saxena HCL

Full error logs

2022-09-12 09:43:28.074 [bio-8443-exec-1] WARN com.opentext.otds.as.drivers.saml.SAML2Handler - Error parsing metadata XML for test:

java.security.cert.CertificateExpiredException: NotAfter: Wed Aug 24 02:59:59 EEST 2022

at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)

at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:575)

at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:548)

at com.opentext.otds.as.drivers.saml.SAML2Handler.parseProviderInfo(SAML2Handler.java:1612)

at com.opentext.otds.as.drivers.saml.SAML2Handler.getIDPInfo(SAML2Handler.java:1851)

at com.opentext.otds.as.drivers.saml.SAML2Handler.process(SAML2Handler.java:1903)

at com.opentext.otds.as.OtdsAuthenticationManager.authenticate(OtdsAuthenticationManager.java:588)

at com.opentext.otds.as.ASHTTPService.service(ASHTTPService.java:503)

at com.opentext.otds.as.AsServlet.service(AsServlet.java:132)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at com.opentext.otds.as.TenantFilter.doFilter(TenantFilter.java:74)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:165)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1201)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654)

at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run

Vikram Saxena HCL

I pointed out the issue. The old idp SAML XML matadata still called even after disabling old auth handler.

How can the latest saml auth handler take priority over older configuration ?