Running into issue after enabling FIPS mode on Okta

Questions
1

Okta enabled fips for my org.

After enabling fips mode, both SP and IDP initiated logins are failing with this error:

10-Nov-2020 05:38:40,727 UTC INFO [Decrypter] (default task-15) |default| algorithm is : http://www.w3.org/2001/04/xmlenc#aes256-cbc
10-Nov-2020 05:38:40,727 UTC ERROR [SAMLProcessingFilter] (default task-15) |default| Exception -
java.lang.NullPointerException: null
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:531) ~[xmltooling-1.4.4.jar:?]
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:453) ~[xmltooling-1.4.4.jar:?]
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:414) ~[xmltooling-1.4.4.jar:?]
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141) ~[opensaml-2.6.4.jar:?]
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69) ~[opensaml-2.6.4.jar:?]
at com.manage.server.sso.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:237) ~
at com.manage.server.sso.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:78) ~
at com.manage.server.sso.saml.SAMLProcessingFilter.doFilter(SAMLProcessingFilter.java:180) ~
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.13.0.jar:2.13.0]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) ~[?:?]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) ~[?:?]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) ~[?:?]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) ~[undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) ~[?:?]
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541) ~[?:?]
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541) ~[?:?]
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541) ~[?:?]
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541) ~[?:?]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.1.0.Final.jar!/:2.1.0.Final]
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.3.Final.jar!/:2.3.3.Final]
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) [jboss-threads-2.3.3.Final.jar!/:2.3.3.Final]
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) [jboss-threads-2.3.3.Final.jar!/:2.3.3.Final]
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) [jboss-threads-2.3.3.Final.jar!/:2.3.3.Final]
at java.lang.Thread.run(Thread.java:834) [?:?]
10-Nov-2020 05:38:45,208 UTC INFO [SAMLProtocolMessageXMLSignatureSecurityPolicyRule] (default task-17) || Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response

2

Hi @rtemburn! Looks like this is a duplicate post. Please open a support ticket through an email to [support@okta.com](mailto:support@okta.com) with this issue you are facing. One of our Support Engineers will assist you in narrowing down the root cause of the error.