
SAML Singlesignon Error during upgrade from 2011 to 2205

former_member740549
Discoverer
0 Kudos

Hi All,

We are upgrading our application from commerce version 2011 to 2205. We have our custom SSO extensions (for both storefront and backoffice), which we upgraded based on the latest OOTB samlsinglesignon extension. In the local environment it works fine and gets redirected to the IDP, but when we deploy the same in the cloud we get a KeyStoreInitializationException during deployment, and the deployment fails without starting the services.

Below is the error we are getting during deployment:

"org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/samlsinglesignon]",
"threadId":23,"threadPriority":5,"message":"Exception sending context initialized event to listener instance of class [de.hybris.platform.spring.HybrisContextLoaderListener]",
"contextMap":{"sourceClassName":"org.apache.catalina.core.StandardContext","sourceMethodName":"listenerStart"},
"thrown":{"localizedMessage":"Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#3' while setting bean property 'sourceList' with key [3];
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#3': Cannot resolve reference to bean 'samlMetadataFilter' while setting constructor argument with key [0];
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'samlMetadataFilter' defined in ServletContext resource [/WEB-INF/security/spring-security-config.xml]: Cannot resolve reference to bean 'defaultRelyingPartyRegistrationResolverIdAware' while setting constructor argument;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultRelyingPartyRegistrationResolverIdAware' defined in ServletContext resource [/WEB-INF/security/spring-security-config.xml]: Cannot resolve reference to bean 'defaultRelyingPartyRegistrationResolver' while setting constructor argument;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultRelyingPartyRegistrationResolver' defined in ServletContext resource [/WEB-INF/security/spring-security-config.xml]: Cannot resolve reference to bean 'relyingPartyRegistrationRepository' while setting constructor argument;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'relyingPartyRegistrationRepository' defined in ServletContext resource [/WEB-INF/security/spring-security-config.xml]: Cannot resolve reference to bean 'saml2SigningAndDecryptionCredentials' while setting constructor argument;
nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'saml2SigningAndDecryptionCredentials' defined in ServletContext resource [/WEB-INF/security/spring-security-config.xml]: Bean instantiation via factory method failed;
nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.saml2.core.Saml2X509Credential]: Factory method 'getSigningAndDecryptionSaml2Credentials' threw exception;
nested exception is de.hybris.platform.samlsinglesignon.exceptions.KeyStoreInitializationException: Cant obtain key entry"

Are we missing any configuration? I would really appreciate it if someone could provide some guidance.

Thanks & Regards

Accepted Solutions (0)

Answers (3)

ravidesai22
Explorer

If it's working fine on your local, then there are mainly two major configurations needed on CCv2:

1. Your keystore (.JKS file) needs to be uploaded to the cloud portal (under 'Security' -> 'Security Files') and should be associated with the appropriate environment.

2. In your 'manifest.json' file, the 'samlsinglesignon' extension should be listed under the "webapps" section.
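
A pre-deployment check for point 2 of the answer above, as an added example that is not part of the original thread: it reads a manifest.json and reports which aspects list samlsinglesignon under webapps. The sample manifest, the aspect names and the helper names are constructed for illustration, and the aspects[].webapps[] layout with "name" and "contextPath" is an assumption about the manifest format.

```python
import json

# Constructed sample manifest.json (not from the original thread). The
# aspects[].webapps[] layout with "name"/"contextPath" is assumed here.
SAMPLE_MANIFEST = """
{
  "commerceSuiteVersion": "2205",
  "aspects": [
    {"name": "backoffice",
     "webapps": [
       {"name": "backoffice", "contextPath": "/backoffice"},
       {"name": "samlsinglesignon", "contextPath": "/samlsinglesignon"}
     ]},
    {"name": "accstorefront",
     "webapps": [
       {"name": "examplestorefront", "contextPath": ""}
     ]},
    {"name": "backgroundProcessing", "webapps": []}
  ]
}
"""


def aspects_serving(manifest, webapp):
    """Map aspect name -> contextPath for every aspect listing `webapp`."""
    found = {}
    for aspect in manifest.get("aspects", []):
        for entry in aspect.get("webapps", []):
            if entry.get("name") == webapp:
                found[aspect.get("name", "<unnamed>")] = entry.get("contextPath")
    return found


def missing_from(manifest, webapp, required_aspects):
    """Return the aspects in `required_aspects` that do not list `webapp`."""
    serving = aspects_serving(manifest, webapp)
    return sorted(a for a in required_aspects if a not in serving)


if __name__ == "__main__":
    manifest = json.loads(SAMPLE_MANIFEST)
    print("served by:", aspects_serving(manifest, "samlsinglesignon"))
    # The thread's custom SSO covers both storefront and backoffice.
    for aspect in missing_from(manifest, "samlsinglesignon",
                               ["backoffice", "accstorefront"]):
        print(f"{aspect}: samlsinglesignon is not listed under webapps")
```

This only covers the manifest entry; the keystore upload and its environment association from point 1 are set in the cloud portal and are not visible in manifest.json.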

priyanka_gupta2692
Participant
0 Kudos

After adding the appropriate environment in the "Connected Environments" field in the Security Files tab, where I have uploaded my JKS and metadata file, the issue is resolved.

ravidesai22
Explorer
0 Kudos

Would you be able to upvote (select as answer) if it has helped you in resolving your issue? I have converted the comment into an answer just now.

former_member740549
Discoverer
0 Kudos

This issue is resolved. It was a SAML configuration issue in cloud. After correcting the configuration it was resolved.

0 Kudos

Hi Satish Kumar,

We are trying to upgrade from 2011 to 2205 and we have used the singlesignon extension as well. Can you please suggest what changes are required for the SAML singlesignon extension upgrade? Your suggestions would be a great help for us. Thanks in advance.

rohan1607
Explorer
0 Kudos

Hi vishnu_avanigadda - just checking, did you get all the info for the samlsinglesignon upgrade? Do you have multiple IDPs? If yes, I would like to understand how they are set up. We are upgrading now and are trying to configure multiple IDPs.

9948409868
Member
0 Kudos

What was the SAML configuration issue in cloud?

0 Kudos

We are facing the same issue with the upgrade from 2205 to 2205. What kind of configuration was updated to resolve this issue?

priyanka_gupta2692
Participant
0 Kudos

Please let us know what the configuration issue in the cloud portal was and how to resolve this. I am also getting the same issue.