How to resolve java.security.InvalidKeyException while configuring MFA in WSO2 identity server 5.5.0

Question

I'm using wso2is-5.5.0. I'm trying to enable Multi factor authentication for Identity Server. I have done by following this link https://docs.wso2.com/display/IS530/Configuring+Multi-factor+Authentication+for+WSO2+IS. After restarting while login to management console, it is redirecting to one page showing

 SAML 2.0 based Single Sign-On
 Error when processing authentication request!
 Please try login again!

In console,

Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default pa
rameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
        at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1140)
        at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1083)
        at org.opensaml.xml.encryption.Encrypter.encryptElement(Encrypter.java:452)
        ... 66 more
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
        at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
        at javax.crypto.Cipher.implInit(Cipher.java:801)
        at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
        at javax.crypto.Cipher.init(Cipher.java:1249)
        at javax.crypto.Cipher.init(Cipher.java:1186)
        at org.apache.xml.security.encryption.XMLCipher.encryptData(XMLCipher.java:1137)
        ... 68 more

I have downloaded JCE jars for Java 8 and placed in C:\Program Files\Java\jre1.8.0_171\lib\security Still problem persists.

Did you enable "Enable Response Signing" or "Enable Assertion Encryption". Can you disable each and share the response? — Nilasini, Aug 08 '18 at 10:23
After unselecting Enable Assertion Encryption it is working fine. Thank you — Sudheer Reddy, Aug 09 '18 at 09:00

Dinali Dabarera · Answer 1 · 2018-08-06T15:19:32.787

This exception is thrown, not due to an issue of the Identity Server. Reason for this issue could be, JCE file is not installed to your JRE properly. But as you have added/replaced local_policy.jar and US_export_policy.jar files, please run the following test code to check whether it is applied properly.

    public class JCETest {

    public static void main(String args[]) {
        int maxKeyLen = 0;
        try {
            maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
        } catch (NoSuchAlgorithmException e) {
            Assert.fail();
        }

        Assert.assertEquals(2147483647, maxKeyLen);
        System.out.println(maxKeyLen);
    }
}

You should get the following as output, If JCE is successfully installed:

AES key size should be equal to the 2147483647 if JCE files has been installed successfully.

More information is in http://stackoverflow.com/questions/6481627/java-security-illegal-key-size-or-default-parameters

I had run that code it is fine. That means JCE fies installed successfully right? But i'm getting same Exception — Sudheer Reddy, Aug 07 '18 at 10:09

How to resolve java.security.InvalidKeyException while configuring MFA in WSO2 identity server 5.5.0

1 Answers1