Possible problem with key exchange
Muzinich, Mike
MuziniM at losrios.edu
Wed Apr 25 22:32:34 BST 2012
We are in the process of upgrading our systems from Red Hat EL5 to EL6 but are having problems authenticating to Google Apps. The error we are receiving is "this account cannot be accessed because your credentials were not verified". This is supposedly due to issues with "the private key used to sign the SAMLResponse does not match the public key certificate".
I brought over the entire /opt/shibboleth-idp directory structure from a functional system and thought I had Tomcat and Apache configured correctly but obviously have something configured incorrectly. Incidentally, the FQDN in the Shibboleth configuration is a CNAME which I change to go from our production system to the new system. I re-uploaded the public key from the new system without success. Also when I changed the CNAME back to the production system everything worked correctly without having to upload the public key.
Any ideas?
Mike Muzinich
Network Security Administrator
Los Rios Community College District
mike.muzinich at losrios.edu
(916)568-3013
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120425/f40fdb95/attachment.html
More information about the users
mailing list