Credential failed name check.

Ian Young ian at iay.org.uk
Thu Aug 20 10:45:29 EDT 2015


> On 20 Aug 2015, at 15:41, Johan Åkerstrøm <Johan.Akerstrom at skill.no> wrote:
> 
> See above there is no alternative cert to swap to. It is actually signing with the cert with the wrong Subject name.

If it was actually signing with that certificate (in particular, if it was using the private key corresponding to the public key in the certificate in metadata) then the IdP would not be looking at the certificate subject name at all, at least in the default IdP configuration.

    -- Ian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5250 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20150820/8354f25e/attachment-0001.p7s>


More information about the users mailing list