IdP "Unable to encrypt assertion"
Yeargan, Yancey
yancey at unt.edu
Tue Sep 27 06:25:13 BST 2011
I added the schema validation filter for all relying parties and corrected a couple of errors that were discovered as a result. Thanks for the tip. I'll sleep better now.
Yancey
On Sep 26, 2011, at 10:33 PM, Cantor, Scott wrote:
> On 9/26/11 11:29 PM, "Yeargan, Yancey" <yancey at unt.edu> wrote:
>>
>> Knowing that I was no longer searching for an encryption issue but rather
>> a metadata issue, I then looked over the earlier debug output yet again
>> and did not see any messages about discarding any part of the SP
>> metadata. Is element discarding a feature of OpenSAML or of Shibboleth?
>> Are there any messages logged when this occurs? It would be very nice to
>> have such a message logged at the INFO level, if possible.
>
> The IdP when not schema validating doesn't reject invalid content in a
> variety of scenarios. If you want stricter behavior (and you don't have a
> trustworthy supplier of metadata), you would need to add a validation
> filter. That's all there is.
>
> -- Scott