Ang: Re: Ang.: RE: Ang.: Re: Unsoclicited SSO questions
cantor.2 at osu.edu
Fri May 29 17:52:25 EDT 2015
On 5/29/15, 5:24 PM, "users on behalf of Johan Romin" <users-bounces at shibboleth.net on behalf of johan.romin at egbs.se> wrote:
>Alright, I've tried to remove the authnrequestsigned attribute and now the SP isn't able to validate the assertion
There is no possibility of that being related. That setting has no impact on the SP whatsoever. It wasn't able to validate the assertion to begin with. Several people have said that as I recall.
> I've contacted the Service Provider which are a part of IBM and they are using IBM Tivoli Federated Identity Manager as their endpoint. I'm not sure if this helps anyone but I hope it might shed some light onto this.
If they can't validate it, then they presumably have the wrong information for your IdP loaded, sourced from your metadata or otherwise. The key is wrong most likely, but it's their SP, and we certainly can't tell you what their logs say.
More information about the users