Help with StaticPKIX test

Jonathan Bricker jbricker at
Wed Sep 7 13:23:29 BST 2011

I'm trying to set up a StaticPKIX trust engine on our SP. This is the first time I've done this with Shibboleth. I'm getting a ProfileException that the signature cannot be verified. This is all in a sandbox so I have complete control over my setup.

I created my own CA cert via openssl. I then created a new key and cert for my test IdP that was signed by my CA and did a key rollover. I tested vs the SP with just the changed key and it worked.

I set up my SP trust engine like so...

<TrustEngine type="StaticPKIX">
    <CredentialResolver type="File">
        <Certificate format="PEM">

One question would be my metadata from the IdP. I do not see attributes in the KeyDescriptors or KeyInfo tags. I assume that this is a config problem on the IdP. How can I make sure that key names from the cert are passed so the PKIX will work?


