testshib issue
Chance Cox
ccox14 at elon.edu
Wed Feb 27 13:32:53 EST 2013
That did the trick. I'm so confused as to why it worked before *shrug* oh well, it works again. Thanks all!!
On Feb 27, 2013, at 12:58 PM, jsoto <jsoto at ubiobio.cl> wrote:
> Hi,
> it is a certificate problem.
>
>
> On Wed, 27-02-2013 at 17:45 +0000, Chance Cox wrote:
>> Below is the error I get. I believe the main issue is 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: certificate subject: CN=idp.elon.edu
>> but I'm not sure how to resolve the issue. Any suggestions? I apologize if this is a somewhat basic question.
>>
>> 2013-02-27 12:41:17 DEBUG XMLTooling.StorageService [275]: inserted record (_83359c540b8a0d7ba2f4371d8fc2c264) in context (MessageFlow) with expiration (1361987115)
>> 2013-02-27 12:41:17 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [275]: validating signature profile
>> 2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolving ds:X509Certificate
>> 2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolved 1 certificate(s)
>> 2013-02-27 12:41:17 DEBUG XMLTooling.KeyInfoResolver.Inline [275]: resolved 0 CRL(s)
>> 2013-02-27 12:41:17 DEBUG XMLTooling.CredentialCriteria [275]: keys didn't match
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.ExplicitKey [275]: unable to validate signature, no credentials available from peer
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: validating signature using certificate from within the signature
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: signature verified with key inside signature, attempting certificate validation...
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: checking that the certificate name is acceptable
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: adding to list of trusted names (https://testshib.elon.edu/idp/shibboleth)
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: certificate subject: CN=idp.elon.edu
>
> You are using a cert for idp.elon.edu in testshib.elon.edu.
> Create a cert for testshib.elon.edu, replace your metadata and register
> again in testshib.
>
>
>
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match DN, trying TLS subjectAltName match
>> 2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match subjectAltName, trying TLS CN match
>> 2013-02-27 12:41:17 ERROR XMLTooling.TrustEngine.PKIX [275]: certificate name was not acceptable
>> 2013-02-27 12:41:17 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [275]: unable to verify message signature with supplied trust engine
>> 2013-02-27 12:41:17 WARN Shibboleth.SSO.SAML2 [275]: detected a problem with assertion: Message was signed, but signature could not be verified.
>>
>>
>> On Feb 27, 2013, at 11:39 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>>
>>> On 2/27/13 8:35 AM, "Chance Cox" <ccox14 at elon.edu> wrote:
>>>>
>>>> I have a test IdP; the entityID is
>>>> https://testshib.elon.edu/idp/shibboleth It has worked for months and I
>>>> haven't made any changes. I tried to test it with testshib today and I'm
>>>> getting this message.
>>>>
>>>> Message was signed, but signature could not be verified.
>>>
>>> The point of testshib is to let you see the logs on the SP so you can find
>>> out what it's actually doing and why it might be failing, so I'd suggest
>>> checking the logs (I can't say how, but I'm fairly certain the shibd.log
>>> is viewable).
>>>
>>> -- Scott
>>>
>>>
>>> --
>>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>>>
>>
>
> --
> Juan Paulo Soto
> Departamento Servicios Computacionales
> Fono: (56)(41)3111548
> Av. Collao 1202 - Concepción
> jsoto at ubiobio.cl – http://sti.ubiobio.cl
>
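Added example, not part of the original thread and not Shibboleth project code: a small triage script that reads shibd.log text, correlates the `XMLTooling.TrustEngine.PKIX` lines quoted above by their bracketed id, and reports each rejected certificate with its subject next to the trusted names. The function name, the finding fields, and the comparison of the CN against the host part of each trusted name are assumptions made for triage, not the SP's own matching logic.

```python
import re
from urllib.parse import urlparse

# Constructed sample: PKIX lines taken from the log quoted in the thread.
SAMPLE_LOG = """\
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: checking that the certificate name is acceptable
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: adding to list of trusted names (https://testshib.elon.edu/idp/shibboleth)
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: certificate subject: CN=idp.elon.edu
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match DN, trying TLS subjectAltName match
2013-02-27 12:41:17 DEBUG XMLTooling.TrustEngine.PKIX [275]: unable to match subjectAltName, trying TLS CN match
2013-02-27 12:41:17 ERROR XMLTooling.TrustEngine.PKIX [275]: certificate name was not acceptable
"""

LINE = re.compile(r"^(\S+ \S+) (\w+) XMLTooling\.TrustEngine\.PKIX \[(\d+)\]: (.*)$")
TRUSTED = re.compile(r"^adding to list of trusted names \((.*)\)$")
SUBJECT = re.compile(r"^certificate subject: (.*)$")

def find_name_failures(log_text):
    """Return one finding per bracketed id whose certificate name was rejected."""
    state = {}       # bracketed id -> trusted names and subject seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a PKIX trust engine line
        when, level, req, msg = m.groups()
        if msg.startswith("checking that the certificate name"):
            state[req] = {"trusted": [], "subject": None}  # new name check begins
            continue
        cur = state.setdefault(req, {"trusted": [], "subject": None})
        if (t := TRUSTED.match(msg)):
            cur["trusted"].append(t.group(1))
        elif (s := SUBJECT.match(msg)):
            cur["subject"] = s.group(1)
        elif level == "ERROR" and msg == "certificate name was not acceptable":
            cn = re.search(r"CN=([^,/]+)", cur["subject"] or "")
            # Assumption: compare the CN with the host of each trusted name (triage hint only).
            hosts = sorted({urlparse(n).hostname or n for n in cur["trusted"]})
            findings.append({"time": when, "id": req, "subject": cur["subject"],
                             "cn": cn.group(1) if cn else None,
                             "trusted": list(cur["trusted"]), "hosts": hosts,
                             "cn_is_trusted_host": bool(cn) and cn.group(1) in hosts})
            state.pop(req, None)
    return findings

if __name__ == "__main__":
    for finding in find_name_failures(SAMPLE_LOG):
        print(finding)
```
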