samlify ERR_EXCEPTION_OF_ASSERTION_DECRYPTION


I am trying to make an Okta validation with SAML using samlify on my project:

import * as samlify from 'samlify';
import * as fs from 'fs';
import * as validator from '@authenio/samlify-node-xmllint';

const binding = samlify.Constants.namespace.binding;

samlify.setSchemaValidator(validator);

const filePathIdpMeta = __dirname + '/../' + 'meta1123/meta/Testv2-xml-idp.xml';
const filePathSPMeta =  __dirname + '/../' + 'meta1123/meta/Testv2-xml-sp.xml';
const filePathSpKey =   __dirname + '/../' + 'meta1123/key/encryptKey.pem';

console.info("----PATHS----")
console.info(filePathIdpMeta);
console.info(filePathSPMeta);
console.info(filePathSpKey);

const idp = samlify.IdentityProvider({
    metadata: fs.readFileSync(filePathIdpMeta),
    messageSigningOrder: 'sign-then-encrypt',
    isAssertionEncrypted: true,
    wantAuthnRequestsSigned: false

})

Currently I am getting the following error:

http://www.w3.org/2001/04/xmlenc#rsa-1_5 is no longer recommended due to security reasons. Please deprecate its use as soon as possible.
Error: Not found: child not in parent
    at assertPreInsertionValidity1to5 (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:798:9)
    at _insertBefore (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:938:2)
    at Document.replaceChild (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/node_modules/@xmldom/xmldom/lib/dom.js:1054:3)
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:681:15
    at Object.decrypt (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/@authenio/xml-encryption/lib/xmlenc.js:202:16)
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:670:23
    at new Promise (<anonymous>)
    at Object.decryptAssertion (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:655:14)
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/flow.ts:225:34
    at step (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:33:23) {
  code: 8
}
[FATAL] when parsing login response sent from okta Error: ERR_EXCEPTION_OF_ASSERTION_DECRYPTION
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:675:27
    at Object.decrypt (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/@authenio/xml-encryption/lib/xmlenc.js:214:12)
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:670:23
    at new Promise (<anonymous>)
    at Object.decryptAssertion (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/libsaml.ts:655:14)
    at /home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/src/flow.ts:225:34
    at step (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:33:23)
    at Object.next (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:14:53)
    at fulfilled (/home/my_local_path/Service_Providers/sp-oauth0/node_modules/samlify/build/src/flow.js:5:58)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

There is 1 answer

Lawrence On BEST ANSWER

You must either set 'isAssertionEncrypted' to be false or upload an Encryption Certificate on both Okta and your own app.
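
A pre-flight check for the mismatch this answer describes, as an added example that is not part of the original answer or of samlify: it compares the isAssertionEncrypted flag with what the decoded SAMLResponse and the SP metadata actually contain, and flags the rsa-1_5 key transport that the log above warns about. The function names, finding labels and sample XML are assumptions constructed for illustration.

```javascript
// Added diagnostic, not samlify code. Regex matching is enough for a pre-flight
// check on XML you already hold; it is not a SAML validator.
const RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5';
const tag = (name) => new RegExp(`<(?:[\\w-]+:)?${name}\\b[^>]*>`, 'g');

// SAMLResponse arrives base64-encoded in the HTTP-POST binding.
const decodeSamlResponse = (b64) => Buffer.from(b64, 'base64').toString('utf8');

function checkEncryptionSetup({ responseXml, spMetadataXml, isAssertionEncrypted }) {
  const findings = [];
  const encrypted = (responseXml.match(tag('EncryptedAssertion')) || []).length > 0;
  // A KeyDescriptor with no "use" attribute serves both signing and encryption.
  const spHasEncKey = (spMetadataXml.match(tag('KeyDescriptor')) || [])
    .some((t) => !/\buse=/.test(t) || /\buse=["']encryption["']/.test(t));
  const algorithms = (responseXml.match(tag('EncryptionMethod')) || [])
    .map((t) => (t.match(/\bAlgorithm=["']([^"']+)["']/) || [])[1]);

  if (isAssertionEncrypted && !encrypted) findings.push('FLAG_ON_RESPONSE_NOT_ENCRYPTED');
  if (!isAssertionEncrypted && encrypted) findings.push('FLAG_OFF_RESPONSE_ENCRYPTED');
  if (isAssertionEncrypted && !spHasEncKey) findings.push('SP_METADATA_HAS_NO_ENCRYPTION_KEY');
  if (algorithms.includes(RSA_1_5)) findings.push('KEY_TRANSPORT_RSA_1_5');
  return findings;
}

// Constructed samples: SP metadata that publishes only a signing key, and a
// response whose assertion is encrypted with RSA 1.5 key transport.
const sampleSpMetadata =
  '<md:SPSSODescriptor><md:KeyDescriptor use="signing"/></md:SPSSODescriptor>';
const sampleResponse = Buffer.from(
  '<samlp:Response><saml:EncryptedAssertion><xenc:EncryptedData>' +
  '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>' +
  `<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="${RSA_1_5}"/></xenc:EncryptedKey>` +
  '</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>').toString('base64');

function demo() {
  return checkEncryptionSetup({
    responseXml: decodeSamlResponse(sampleResponse),
    spMetadataXml: sampleSpMetadata,
    isAssertionEncrypted: true,
  });
}
console.log(demo());
```

An empty result means the flag, the response and the SP metadata agree; it does not confirm that the uploaded certificate matches the private key the SP loads.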