Error configuring a new SP (Softdocs Etrieve): Failed to resolve both a data and a key encryption credential

Rod Widdowson rdw at
Thu Aug 16 05:15:59 EDT 2018

>  <rp:RelyingParty id="<sp_entityid>" provider="" defaultSigningCredentialRef="IdPCredential">
>      <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="false" encryptNameIds="false" />
>   </rp:RelyingParty>

No help, and you don't need to hear this having only just moved up from v2, but my strongest suggestion right now is to take the time to upgrade to the new relying-party.xml syntax.  Most people find it much easier to do.

The next IdP release (3.4 and any patches) will be the last release to support the legacy syntax.

>  Any suggestions on how to proceed or troubleshoot would be gratefully accepted!

Logging is always going to be helpful.  "net.shibboleth.idp.saml" might give you enough info/  But having spelunked through the code I think that you are getting confused by the settings .  AFAIR the values can be "always", "condtional" or "never".  But also from the code you should have had a warning about it as well.


More information about the users mailing list