SP failing to decrypt assertion

David Bantz dabantz at alaska.edu
Wed May 14 14:27:12 EDT 2014

Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:

2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.

Shibboleth2.xml retains the default simple credential resolver:

<CredentiaResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>

and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.

What are we doing wrong?

David Bantz / Dan Lasota
U Alaska
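
A configuration check for the condition the log above reports, as an added example that is not part of the original message or of the Shibboleth project: it confirms that ApplicationDefaults contains a CredentialResolver element in the SP 2.x configuration namespace and flags near-miss element names or namespace mismatches. The sample document, its entityID and the function names are constructed for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

SP_NS = "urn:mace:shibboleth:2.0:native:sp:config"  # SP 2.x config namespace
EXPECTED = "CredentialResolver"

# Constructed sample (not the poster's file): the resolver element is spelled
# as in the message, wrapped in a minimal SPConfig with a made-up entityID.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <CredentiaResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  </ApplicationDefaults>
</SPConfig>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag


def check_resolvers(xml_text):
    """Return (resolver attribute dicts, findings) for ApplicationDefaults."""
    resolvers, findings = [], []
    for app in ET.fromstring(xml_text).iter():
        if split_tag(app.tag)[1] != "ApplicationDefaults":
            continue
        for child in app:
            ns, name = split_tag(child.tag)
            if name == EXPECTED and ns == SP_NS:
                resolvers.append(dict(child.attrib))
            elif name == EXPECTED:
                findings.append(f"<{name}> is in namespace {ns!r}, not {SP_NS!r}")
            elif difflib.get_close_matches(name, [EXPECTED], n=1, cutoff=0.8):
                findings.append(f"<{name}> looks like a misspelling of <{EXPECTED}>")
    if not resolvers:
        findings.append("no usable CredentialResolver: nothing supplies a decryption key")
    return resolvers, findings


if __name__ == "__main__":
    for finding in check_resolvers(SAMPLE)[1]:
        print("FINDING:", finding)
```
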