IdP "Unable to encrypt assertion"
Cantor, Scott
cantor.2 at osu.edu
Mon Sep 26 18:25:34 BST 2011
On 9/26/11 1:21 PM, "Yeargan, Yancey" <yancey at unt.edu> wrote:
>
>Here's my best guess so far:
>Must the X.509 subject name CN value in the SP's certificate match the
>SP's DNS host name?
No.
>Here is the SP metadata that we received from the vendor. I redacted
>references to the vendor and certificate data.
If that's the metadata you're using, then it would work, unless the log
includes some low level indication of why encryption would have failed. I
would speculate that the cert is unusual in some fundamental way (not an
RSA key for example), or the entityID isn't correct in the request or
something like that.
-- Scott
More information about the users
mailing list