testshib issue
Chance Cox
ccox14 at elon.edu
Wed Feb 27 12:45:17 EST 2013
Below is the error i get. I believe the main issue is 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: certificate subject: CN=idp.elon.edu
but im not sure how to resolve the issue. Any suggestions? i apologize if this is a somewhat basic question.
2013-02-27 12:41:17 DEBUG XMLTooling.StorageService [275]: inserted record (_83359c540b8a0d7ba2f4371d8fc2c264) in context (MessageFlow) with expiration (1361987115)
2013-02-27 12:41:17 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [275]: validating signature profile
2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolving ds:X509Certificate
2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolved 1 certificate(s)
2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolved 0 CRL(s)
2013-02-27 12:41:17 DEBUG XMLTooling.CredentialCriteria [275]: keys didn't match
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.ExplicitKey [275]: unable to validate signature, no credentials available from peer
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: validating signature using certificate from within the signature
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: signature verified with key inside signature, attempting certificate validation...
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: checking that the certificate name is acceptable
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: adding to list of trusted names (https://testshib.elon.edu/idp/shibboleth)
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: certificate subject: CN=idp.elon.edu
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match DN, trying TLS subjectAltName match
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match subjectAltName, trying TLS CN match
2013-02-27 12:41:17 ERROR XMLTooling.TrustEngine.PKIX [275]: certificate name was not acceptable
2013-02-27 12:41:17 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [275]: unable to verify message signature with supplied trust engine
2013-02-27 12:41:17 WARN Shibboleth.SSO.SAML2 [275]: detected a problem with assertion: Message was signed, but signature could not be verified.
On Feb 27, 2013, at 11:39 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> On 2/27/13 8:35 AM, "Chance Cox" <ccox14 at elon.edu> wrote:
>>
>> I have a test idp the entityid is
>> https://testshib.elon.edu/idp/shibboleth It has worked for months and I
>> haven't made any changes. I tried to test it with testshib today and im
>> getting this message.
>>
>> Message was signed, but signature could not be verified.
>
> The point of testshib is to let you see the logs on the SP so you can find
> out what it's actually doing and why it might be failing, so I'd suggest
> checking the logs (I can't say how, but I'm fairly certain the shibd.log
> is viewable).
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
More information about the users
mailing list