IdP "Unable to encrypt assertion"

Yeargan, Yancey yancey at
Tue Sep 27 06:25:13 BST 2011

I added the schema validation filter for all relying parties and corrected a couple of errors that were discovered as a result. Thanks for the tip. I'll sleep better now.


On Sep 26, 2011, at 10:33 PM, Cantor, Scott wrote:

> On 9/26/11 11:29 PM, "Yeargan, Yancey" <yancey at> wrote:
>> Knowing that I was no longer searching for an encryption issue but rather
>> a metadata issue, I then looked over the earlier debug output yet again
>> and did not see any messages about discarding any part of the SP
>> metadata. Is element discarding a feature of OpenSAML or of Shibboleth?
>> Are there any messages logged when this occurs? It would be very nice to
>> have such a message logged at the INFO level, if possible.
> The IdP when not schema validating doesn't reject invalid content in a
> variety of scenarios. If you want stricter behavior (and you don't have a
> trustworthy supplier of metadata), you would need to add a validation
> filter. That's all there is.
> -- Scott
