Authentication request signing fails when tenant is not loaded

Describe the issue: Federated SAML2 authentication fails when authentication request signing is enabled and a tenant is not loaded

How to reproduce:

Add new tenant from management console
Login to management console as new tenant
Add new Identity Provider configuration
Configure the IdP for SAML2 Federated Authentication (Federated Authenticators -> SAML2 Web SSO Configuration)
Enable Authentication Request Signing in SAML2 Web SSO Configuration
Add new Service Provider configuration
Configure the SP as OIDC (Inbound Authentication Configuration -> OAuth/OpenID Connect Configuration)
Configure the SP to use Federated Authentication with the IdP from above (Local & Outbound Authentication Configuration)
Restart the server
Attempt an OIDC request

Example request

https://localhost:9443/oauth2/authorize?scope=openid&client_id=<SP_client_id>&client_secret=<SP_client_secret>&redirect_uri=<SP_callback_url>&response_type=code

Observed logfile

TID: [1] [] [2021-04-22 03:37:05,076] [6a17e9fa-6859-4aa9-a1af-276ca6d3e15a] ERROR {org.wso2.carbon.core.util.KeyStoreManager} - Error loading the private key from the key store : sample-tenant.jks
TID: [-1234] [] [2021-04-22 03:37:05,077] [6a17e9fa-6859-4aa9-a1af-276ca6d3e15a] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Authentication failed exception! Error retrieving private key and the certificate for tenant sample.tenant

Expected behavior: Federated SAML authentication should be able to sign authentication requests without the tenant needing to be actively loaded.

Environment information

Product Version: IS v5.12.0-m16, IS 5.11.0 (docker image), IS 5.10.0 (docker image)
OS: Ubuntu 20.04
Database: MySQL 5.7, embedded H2

Optional Fields

Related issues: https://github.com/wso2/product-is/issues/6322

Suggested labels: bug

wso2 / product-is

Authentication request signing fails when tenant is not loaded #11636

Optional Fields