Help with StaticPKIX test
Cantor, Scott
cantor.2 at osu.edu
Wed Sep 7 14:56:32 BST 2011
On 9/7/11 8:23 AM, "Jonathan Bricker" <jbricker at exacttarget.com> wrote:
>I¹m trying to set up a StaticPKIX trust engine on our SP. This is the
>first time I¹ve done this with Shibboleth. I¹m getting a
>ProfileException that the signature cannot be verified. This is all in a
>sandbox so I have complete control over my setup.
The purpose of that trust engine is for verifying metadata, not for SAML
message use.
>
>One question would be my metadata from the Idp. I do not see attributes
>in the KeyDescriptors or KeyInfo tags. I assume that this is a config
>problem on the Idp. How can I make sure that key names from the cert are
>passed so the PKIX will work?
That trust engine doesn't rely on metadata, which is why it's used for
different things. I don't know offhand how or whether it would work in
other contexts. In principal it would not unless the certificate contained
the entityID of the message issuer in every case.
-- Scott
More information about the users
mailing list