Jan Mikeš
06/05/2023, 11:30 AM
```
{
  "error": {
    "errorClass": "PgpMessageDecryptException",
    "trace": "",
    "message": "Cannot decrypt SSO message from sso provider=kofo. Invalid sessionId",
    "component": "Webapp",
    "errorId": "4ea8e13a-fc23-4cd7-8a94-89016f8ed702",
    "errorCode": "sso.decrypt",
    "parameters": []
  }
}
```
I do not fully understand the error message - what session id is invalid and how can I make it valid? Claims should be valid.
If that helps, domain is <https://gooddata.svc.omnetic.com>
I am a little confused, because we are successfully using this method on another workspace; the difference is only in domain+workspace and keys.
Request is:
```
POST {{baseUri}}/gdc/account/customerlogin
{
  "pgpLoginRequest": {
    "encryptedClaims": "<redacted>",
    "ssoProvider": "kofo",
    "targetUrl": "/gdc/account/token"
  }
}
```
Jan Mikeš
06/05/2023, 11:42 AM
{{baseUri}}/gdc/domains/{{domainId}}/authentication/providers/kofo) and it matches the private key pair with which I am signing the message
Ivana Gasparekova
06/05/2023, 11:43 AM
java.security.InvalidKeyException: Supplied key (org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey) is not a RSAPublicKey instance
Jan Mikeš
06/05/2023, 11:47 AM
Ivana Gasparekova
06/05/2023, 11:50 AM
Jan Mikeš
06/05/2023, 11:57 AM
Jan Mikeš
06/05/2023, 11:57 AM
Jan Mikeš
06/05/2023, 11:58 AM
Jan Mikeš
06/05/2023, 11:58 AM
```
{
  "error": {
    "errorClass": "PgpMessageDecryptException",
    "trace": "",
    "message": "Cannot decrypt SSO message from sso provider=kofo. Invalid sessionId",
    "component": "Webapp",
    "errorId": "6f894f57-4723-4051-a72b-ffa5ac5ba4cc",
    "errorCode": "sso.decrypt",
    "parameters": []
  }
}
```
Ivana Gasparekova
06/05/2023, 12:15 PM
Jan Mikeš
06/05/2023, 12:22 PM
```
{
  "email": "jan.mikes@carvago.com",
  "validity": 1686092197
}
```
Jan Mikeš
06/05/2023, 12:23 PM
Jan Mikeš
06/05/2023, 12:24 PM
Ivana Gasparekova
06/05/2023, 12:24 PM
Ivana Gasparekova
06/05/2023, 12:53 PM
Cannot get instance of PGPEncryptedDataList from input stream.
Please let me know how it goes.
Michal Hauzírek
06/05/2023, 1:00 PM
Jan Mikeš
06/05/2023, 2:06 PM
Jan Mikeš
06/05/2023, 2:10 PM
```
{
  "error": {
    "errorClass": "PgpMessageDecryptException",
    "trace": "",
    "message": "Cannot decrypt SSO message from sso provider=kofo. Invalid sessionId",
    "component": "Webapp",
    "errorId": "e0d022e1-a5bd-4dec-bd60-9a0087cba143",
    "errorCode": "sso.decrypt",
    "parameters": []
  }
}
```
will try everything again from scratch to make sure I made no mistake
Jan Mikeš
06/05/2023, 2:35 PM
Jan Mikeš
06/05/2023, 2:36 PM
Boris
06/05/2023, 2:37 PM
unknown PGP public key algorithm encountered: 86
How are you generating the PGP keypair?
Jan Mikeš
06/05/2023, 2:42 PM
```
❯ gpg --full-generate-key --openpgp
gpg (GnuPG) 2.4.0; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
```
Jan Mikeš
06/05/2023, 2:42 PM
Jan Mikeš
06/05/2023, 2:42 PM
Boris
06/05/2023, 2:46 PM
Boris
06/05/2023, 3:57 PM
```
gpg --armor -u <my_key_id> --output signed.txt --sign claims.json
gpg --armor --output enc.txt --encrypt --recipient security@gooddata.com signed.txt
```
and it was working fine
Jan Mikeš
06/05/2023, 4:19 PM
Jan Mikeš
06/05/2023, 4:19 PM
Jan Mikeš
06/05/2023, 4:20 PM
```
gpg --armor -u <my_key_id> --output signed.txt --sign claims.json
gpg --armor --output enc.txt --encrypt --recipient security@gooddata.com signed.txt
```
yeah, was doing that, 1st sign with our private key, then sign with gooddata public
Jan Mikeš
06/05/2023, 4:20 PM
Jan Mikeš
06/05/2023, 4:20 PM
Jan Mikeš
06/05/2023, 4:20 PM
Jan Mikeš
06/05/2023, 4:21 PM
```
❯ gpg --list-keys --keyid-format=long -v carvago.com
gpg: enabled compatibility flags:
gpg: using pgp trust model
pub   rsa3072/4E2F4F5FA4F1D45F 2022-09-13 [SC]
      4B06F51A041D4743A04883AE4E2F4F5FA4F1D45F
uid   [ unknown] data@carvago.com <data@carvago.com>
pub   ed25519/40D683AC36262977 2023-01-03 [SC]
      01112616A76667554A54C2FD40D683AC36262977
uid   [ unknown] data@carvago.com <data@carvago.com>
sub   cv25519/6F9B3791D76DD4F5 2023-01-03 [E]
```
Jan Mikeš
06/05/2023, 4:22 PM
gpg --import did import 2 keys
Jan Mikeš
06/05/2023, 4:22 PM
Jan Mikeš
06/05/2023, 4:23 PM
rsa3072) and signed with the same data@carvago.com key, it started working 🤷
Jan Mikeš
06/05/2023, 4:23 PM
Jan Mikeš
06/05/2023, 4:28 PM
Jan Mikeš
06/05/2023, 4:28 PM