Could not resolve a key encryption credential for peer entity

Peter Schober peter.schober at
Thu Sep 22 18:51:49 BST 2011

* Fong, Trevor <trevor.fong at> [2011-09-22 19:44]:
> Yup - we have turned off encryption for their SP, exactly as uChicago and Nate have suggested.  We have the following in our relying-party.xml:
>     <RelyingParty id=""
>                 provider="https://xxxxx/idp/shibboleth"
>                 defaultSigningCredentialRef="IdPCredential">
>        <ProfileConfiguration
>                   xsi:type="saml:SAML2SSOProfile"
>                   encryptAssertions="never"
>               encryptNameIds="never" />
>     </RelyingParty>
> So still no dice...

And you restarted the container (or configured the IdP to periodically
reload relying-party.xml and waited until the reload happened -- not
that that's recommended for relying-party.xml)?
Since the XML seems correct it must be something elselike not using
the config file, being on the wrong server (dev,qa,test,prod,whathaveyou)...

More information about the users mailing list