Sun OpenSSO Enterprise 8.0 Update 1 Release Notes

CR 6831687: SAML2 post profile fails on the Service Provider (SP)

Using JDK 1.6.x, when a Service Provider (SP) tries to verify a signed SAML2 response/assertion, the Identity Provider (IDP)throws a Null Pointer Exception.

Workaround. This problem occurs because JDK 1.6.x includes an older version of the XML security library. To fix this problem:

  1. Create an endorsed directory in JDK 1.6.x. For example:


  2. Copy the xmlsec.jar file from the OpenSSO_WAR_extracted_dir/WEB-INF/lib directory to the endorsed directory.

  3. Restart the OpenSSO Enterprise 8.0 web container.