SP failing to decrypt assertion
Tom Scavo
trscavo at gmail.com
Wed May 14 14:29:59 EDT 2014
On Wed, May 14, 2014 at 2:27 PM, David Bantz <dabantz at alaska.edu> wrote:
> Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:
>
> 2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
> 2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.
>
> Shibboleth2.xml retains the default simple credential resolver:
>
> <CredentiaResolver type=“File” key=“sp-key.pem” certificate=“sp-cert.pem”/>
>
> and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.
>
> What are we doing wrong?
Not sure but my guess is the Shib SP is not finding the key and cert files.
Tom
More information about the users
mailing list