IdP "Unable to encrypt assertion"
Cantor, Scott
cantor.2 at osu.edu
Tue Sep 27 04:33:02 BST 2011
On 9/26/11 11:29 PM, "Yeargan, Yancey" <yancey at unt.edu> wrote:
>
>Knowing that I was no longer searching for an encryption issue but rather
>a metadata issue, I then looked over the earlier debug output yet again
>and did not see any messages about discarding any part of the SP
>metadata. Is element discarding a feature of OpenSAML or of Shibboleth?
>Are there any messages logged when this occurs? It would be very nice to
>have such a message logged at the INFO level, if possible.
The IdP when not schema validating doesn't reject invalid content in a
variety of scenarios. If you want stricter behavior (and you don't have a
trustworthy supplier of metadata), you would need to add a validation
filter. That's all there is.
-- Scott
More information about the users
mailing list