SP failing to decrypt assertion

David Bantz dabantz at alaska.edu
Wed May 14 14:34:38 EDT 2014

I agree that’s what the log message seems to say, but both sp-cert.pem and sp-key.pem are in the same directory as the shibboleth2.xml config file that refers to them as sp-cert.pem and so-key.pem.  All in /etc/shibboleth


On Wed, 14 May 2014, at 10:29 , Tom Scavo <trscavo at gmail.com> wrote:

> On Wed, May 14, 2014 at 2:27 PM, David Bantz <dabantz at alaska.edu> wrote:
>> Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:
>> 2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
>> 2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.
>> Shibboleth2.xml retains the default simple credential resolver:
>> <CredentiaResolver type=“File” key=“sp-key.pem” certificate=“sp-cert.pem”/>
>> and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.
>> What are we doing wrong?
> Not sure but my guess is the Shib SP is not finding the key and cert files.
> Tom
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://shibboleth.net/pipermail/users/attachments/20140514/8eb20b42/attachment-0001.bin 

More information about the users mailing list