Credential failed name check.

Johan Åkerstrøm Johan.Akerstrom at
Thu Aug 20 11:13:36 EDT 2015


Ah, Perfect. Good info, thanks. 

The cert I have is the same as the one in the metadata. So something is definitely wrong at the SP/metadata generation side. Will verify the request against the cert in the metadata to know for sure. Any good tools for that or should I just knock up a quick mock up tool?

Sent from my iPhone

> On 20 Aug 2015, at 16:46, Ian Young <ian at> wrote:
>> On 20 Aug 2015, at 15:41, Johan Åkerstrøm <Johan.Akerstrom at> wrote:
>> See above there is no alternative cert to swap to. It is actually signing with the cert with the wrong Subject name.
> If it was actually signing with that certificate (in particular, if it was using the private key corresponding to the public key in the certificate in metadata) then the IdP would not be looking at the certificate subject name at all, at least in the default IdP configuration.
>    -- Ian
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list