Even if no duplicate JARs are visible, sometimes these libraries can still be present as bundled dependencies. By bundled, we mean that some Marketplace modules package third-party libraries internally and add them to the runtime classpath without exposing them directly in the userlib folder. As a result, you may not see duplicate JAR files, but an incompatible version can still be loaded at runtime.

BouncyCastle is not only used by SAML, but also by Encryption (and other security-related modules that use BouncyCastle if exists) . Therefore, it is recommended to upgrade both the SAML and Encryption modules to the latest versions compatible with Mendix 10.24 and test again.

Hi Jhansi,

From the error, it looks like you have a version conflict with org.bouncycastle.

As far as I know, this library is used by both the SAML and Encryption modules. You should see it listed under App Settings → Dependencies, not in the userlib folder.

Check that both modules are using the same version of BouncyCastle. If they are not, try updating the modules so their versions align.

Also note that the following prefixes all belong to the same library and must have matching versions:

bcprov, bcpkix, bcpg, bcutil

For example, all should be version 1.81 to avoid conflicts.

I hope that helps.

As both Ahmet and Mohammad have said, this points to a duplication of the bouncycastle .jar files in your application.

These have a slightly different naming convention from the other .jar files, so you may have missed them when looking for duplicates. 

You want to keep the .jar files that have the format bc<name>-jdk18on-1.81.jar. If you see any with the format bc<name>-<jdk15 or similar>.jar then delete those. Check both the userlib and vendorlib. You normally want to keep those in the vendorlib as those are managed dependencies.

Good luck!

Since you have upgraded, try Mendix-userlib-cleaner. It automates what Robert is describing above. Or a newer project: Mendix-userlib-cleanup