Shibboleth NativeSP on FreeBSD 10.0
Cantor, Scott
cantor.2 at osu.edu
Fri May 9 12:44:59 EDT 2014
On 5/9/14, 11:51 AM, "Dan Turner" <dan.turner at york.ac.uk> wrote:
>
>I've looked at the Metadata that I'm uploading to testshib.org, and I
>can confirm that the correct certificates are being sent to
>testshib.org in the metadata, and I've tried setting
>extractNames="false" on the CredentialResolver in shibboleth2.xml,
>which simply changes the error in the logs (when set to DEBUG level).
Yes, but have you actually compared the KeyInfo in the encrypted XML from
the IdP to the certificate you have locally? The fact that extractNames
affects this at all suggests they don't match, and it's likely based on
that that the keys don't either, which would mean the metadata is in fact
wrong.
-- Scott
More information about the users
mailing list