Help with StaticPKIX test
cantor.2 at osu.edu
Wed Sep 7 14:56:32 BST 2011
On 9/7/11 8:23 AM, "Jonathan Bricker" <jbricker at exacttarget.com> wrote:
>I¹m trying to set up a StaticPKIX trust engine on our SP. This is the
>first time I¹ve done this with Shibboleth. I¹m getting a
>ProfileException that the signature cannot be verified. This is all in a
>sandbox so I have complete control over my setup.
The purpose of that trust engine is for verifying metadata, not for SAML
>One question would be my metadata from the Idp. I do not see attributes
>in the KeyDescriptors or KeyInfo tags. I assume that this is a config
>problem on the Idp. How can I make sure that key names from the cert are
>passed so the PKIX will work?
That trust engine doesn't rely on metadata, which is why it's used for
different things. I don't know offhand how or whether it would work in
other contexts. In principal it would not unless the certificate contained
the entityID of the message issuer in every case.
More information about the users