PKIX validation of signature failed, unable to resolve valid and trusted signing key - Shibboleth Idp and Spring-Saml

Thomas Jones thomas.jones.g at
Tue Sep 9 11:40:13 EDT 2014

Thanks Tom for your answer.

That was the problem, although I was hoping that Shibb's IDP will give me a
more accurate error; I'm not saying that the message was wrong, but that
the error was more related to xml schema-valid than expire or wrong

Thanks again.


On Mon, Sep 8, 2014 at 8:17 AM, Tom Scavo <trscavo at> wrote:

> On Mon, Sep 8, 2014 at 9:04 AM, Thomas Jones <thomas.jones.g at>
> wrote:
> >
> > I loaded Shib's idp.crt file into the SP (they stored it in the KeyStore)
> > but as you can see I getting a problem with the certificate.
> For starters, the SP's metadata does not appear to be schema-valid.
> There should be a <md:KeyDescriptor> element around <ds:KeyInfo>, I
> believe.
> Tom
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list