IdP v3 alpha 3: Message was signed, but signature could not be verified.

Cantor, Scott cantor.2 at
Mon Nov 3 22:50:50 EST 2014

On 11/4/14, 12:55 AM, "Gary Gwin" <ggwin at> wrote:
>1) The ant build "created" a keystore after asking for a fully-qualified 
>host name. Since /bin/cred.bat no longer existed in this alpha, I 
>assumed ant had created a default entry in the keystore. Bad assumption!

A fresh install should create PEM file pairs for signing and encryption, 
and a PKCS12 "keystore" (really just a PKCS12 file) for a backchannel key 
to load into Jetty or Tomcat.

There's a creds.[bat|sh] for re-running the generation utility for custom 
use, but the installer does this internally. An "upgrade" on top of a 
pre-installed IdP shouldn't do any generating at all.

There's no format used by default anymore for public/private keys that 
involves multiple entries.

>2) The version output is 2.4.

I'll check it, but reporting issues in Jira is the way to guarantee we'll 
remember to get to them.

With the final alpha done (I was going to announce, but I just haven't 
reviewed the docs yet), and the beta imminent, we can do any testing 
discussion here or dev, I don't care which.

-- Scott

More information about the users mailing list