SP failing to decrypt assertion

Tom Scavo trscavo at gmail.com
Wed May 14 14:29:59 EDT 2014

On Wed, May 14, 2014 at 2:27 PM, David Bantz <dabantz at alaska.edu> wrote:
> Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:
> 2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
> 2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.
> Shibboleth2.xml retains the default simple credential resolver:
> <CredentiaResolver type=“File” key=“sp-key.pem” certificate=“sp-cert.pem”/>
> and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.
> What are we doing wrong?

Not sure but my guess is the Shib SP is not finding the key and cert files.


More information about the users mailing list