SP failing to decrypt assertion
Nate Klingenstein
ndk at internet2.edu
Wed May 14 14:40:19 EDT 2014
David,
Did you check permissions on the files? You will probably also see something very explicit in the SP's log at startup.
Thanks,
Nate.
On May 14, 2014, at 12:34 PM, David Bantz <dabantz at alaska.edu>
wrote:
> I agree that’s what the log message seems to say, but both sp-cert.pem and sp-key.pem are in the same directory as the shibboleth2.xml config file that refers to them as sp-cert.pem and so-key.pem. All in /etc/shibboleth
>
> David
>
>
> On Wed, 14 May 2014, at 10:29 , Tom Scavo <trscavo at gmail.com> wrote:
>
>> On Wed, May 14, 2014 at 2:27 PM, David Bantz <dabantz at alaska.edu> wrote:
>>> Shibbolizing an app (CentOS platform), we’re seeing the following error after authenticating against the IdP:
>>>
>>> 2014-05-14 10:13:03 WARN Shibboleth.SSO.SAML2 [10]: found encrypted assertions, but no CredentialResolver was available
>>> 2014-05-14 10:13:03 ERROR Shibboleth.SSO.SAML2 [10]: failed to decrypt assertion: No CredentialResolver supplied to provide decryption keys.
>>>
>>> Shibboleth2.xml retains the default simple credential resolver:
>>>
>>> <CredentiaResolver type=“File” key=“sp-key.pem” certificate=“sp-cert.pem”/>
>>>
>>> and manually inspecting, the certificate matches that used to encrypt the assertion in the IdP log.
>>>
>>> What are we doing wrong?
>>
>> Not sure but my guess is the Shib SP is not finding the key and cert files.
>>
>> Tom
>> --
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list