Generate Metadata for IDP Record Not Working: Exception occured while generating the Metadata - Known Error

Generate Metadata for IDP Record Not Working: Exception occured while generating the Metadata Description In San Diego Release an Identity Provider (IdP) Record has any of the "Encryption And Signing" options checked and valid values entered for "Signing/Encryption Key Alias" and "Signing/Encryption Key Password" and "Signing Signature Algorithm", but the "Generate Metadata" button will fail with one of the following errors:

Exception occured while generating the Metadata: BCFKS KeyStore unable to recover private key (saml2sp): Error finalising cipher data: mac check in CCM failed Please check logs for more details.

Exception occured while generating the Metadata: Cannot recover key Please check logs for more details.

Steps to Reproduce

1. Create IDP record on a San Diego instance. 2. Save the record. 3. Click on UI action Generate metadata. 4. Observe the error.

Workaround The metadata can be generated this way:

(1) In the IdP record "Encryption and Signing" tab clear the values for " Signing/Encryption Key Alias" and "Signing/Encryption Key Password" and save the IdP record.

(2) Type-in the appropriate "Encryption And Signing" tab values for " Signing/Encryption Key Alias" and "Signing/Encryption Key Password" and immediately generate the metadata (without saving the IdP record) then share it with your IdP administrator for import to the IdP.

(3) Once the IdP administrator has the generated metadata the IdP Record can be saved, the signing functions should work even though Generate Metadata will not.