IdP "Unable to encrypt assertion"

Cantor, Scott cantor.2 at
Tue Sep 27 04:33:02 BST 2011

On 9/26/11 11:29 PM, "Yeargan, Yancey" <yancey at> wrote:
>Knowing that I was no longer searching for an encryption issue but rather
>a metadata issue, I then looked over the earlier debug output yet again
>and did not see any messages about discarding any part of the SP
>metadata. Is element discarding a feature of OpenSAML or of Shibboleth?
>Are there any messages logged when this occurs? It would be very nice to
>have such a message logged at the INFO level, if possible.

The IdP when not schema validating doesn't reject invalid content in a
variety of scenarios. If you want stricter behavior (and you don't have a
trustworthy supplier of metadata), you would need to add a validation
filter. That's all there is.

-- Scott
