Shibboleth NativeSP on FreeBSD 10.0

Cantor, Scott cantor.2 at
Fri May 9 12:44:59 EDT 2014

On 5/9/14, 11:51 AM, "Dan Turner" <dan.turner at> wrote:
>I've looked at the Metadata that I'm uploading to, and I
>can confirm that the correct certificates are being sent to
> in the metadata, and I've tried setting
>extractNames="false" on the CredentialResolver in shibboleth2.xml,
>which simply changes the error in the logs (when set to DEBUG level).

Yes, but have you actually compared the KeyInfo in the encrypted XML from
the IdP to the certificate you have locally? The fact that extractNames
affects this at all suggests they don't match, and it's likely based on
that that the keys don't either, which would mean the metadata is in fact

-- Scott

More information about the users mailing list