Veoci Integration

[Klingenstein, Nate]

> If the signature fails, it says so in so many words. If encryption key lookup fails, the error would be more generic but the log will certainly say so,

That was my expectation.  I could swear up and down that the first WARN
was failure to locate an encryption key.  Signature failing would make
sense.

>  and in neither case does it return that status that I recall.

I wouldn't expect it to.  This behavior makes no sense.

> Debugging a signature is essentially close to pointless but a key lookup issue when the metadata contains a key should have a very specific cause.

I'll bring a complete DEBUG tomorrow.  They said they had already done
integrations with Shibboleth, so whatever it is, it's probably site
specific.