Credential failed name check.
Johan Åkerstrøm
Johan.Akerstrom at skill.no
Thu Aug 20 11:13:36 EDT 2015
Ian,
Ah, Perfect. Good info, thanks.
The cert I have is the same as the one in the metadata. So something is definitely wrong at the SP/metadata generation side. Will verify the request against the cert in the metadata to know for sure. Any good tools for that or should I just knock up a quick mock up tool?
Sent from my iPhone
> On 20 Aug 2015, at 16:46, Ian Young <ian at iay.org.uk> wrote:
>
>
>> On 20 Aug 2015, at 15:41, Johan Åkerstrøm <Johan.Akerstrom at skill.no> wrote:
>>
>> See above there is no alternative cert to swap to. It is actually signing with the cert with the wrong Subject name.
>
> If it was actually signing with that certificate (in particular, if it was using the private key corresponding to the public key in the certificate in metadata) then the IdP would not be looking at the certificate subject name at all, at least in the default IdP configuration.
>
> -- Ian
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list