SP failing to decrypt assertion
David Bantz
dabantz at alaska.edu
Wed May 14 14:27:12 EDT 2014
Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:
2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.
Shibboleth2.xml retains the default simple credential resolver:
<CredentiaResolver type=“File” key=“sp-key.pem” certificate=“sp-cert.pem”/>
and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.
What are we doing wrong?
David Bantz / Dan Lasota
U Alaska
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://shibboleth.net/pipermail/users/attachments/20140514/c309884e/attachment.bin
More information about the users
mailing list