IdP "Unable to encrypt assertion"

Cantor, Scott cantor.2 at
Mon Sep 26 18:25:34 BST 2011

On 9/26/11 1:21 PM, "Yeargan, Yancey" <yancey at> wrote:
>Here's my best guess so far:
>Must the X.509 subject name CN value in the SP's certificate match the
>SP's DNS host name?


>Here is the SP metadata that we received from the vendor. I redacted
>references to the vendor and certificate data.

If that's the metadata you're using, then it would work, unless the log
includes some low-level indication of why encryption would have failed. I
would speculate that the cert is unusual in some fundamental way (not an
RSA key, for example), or the entityID isn't correct in the request or
something like that.

-- Scott
