Using JDK 1.6.x, when a Service Provider (SP) tries to verify a signed SAML2 response/assertion, the Identity Provider (IDP)throws a Null Pointer Exception.
Workaround. This problem occurs because JDK 1.6.x includes an older version of the XML security library. To fix this problem:
Create an endorsed directory in JDK 1.6.x. For example:
JDK_1.6_HOME_DIR/jre/lib/endorsed
Copy the xmlsec.jar file from the OpenSSO_WAR_extracted_dir/WEB-INF/lib directory to the endorsed directory.
Restart the OpenSSO Enterprise 8.0 web container.