Error configuring a new SP (Softdocs Etrieve): Failed to resolve both a data and a key encryption credential

Ben Poliakoff benp at
Thu Aug 16 13:02:17 EDT 2018

On Thu, Aug 16, 2018 at 2:16 AM Rod Widdowson <rdw at>

> >  <rp:RelyingParty id="<sp_entityid>" provider="
> defaultSigningCredentialRef="IdPCredential">
> >      <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
> encryptAssertions="false" encryptNameIds="false" />
> >   </rp:RelyingParty>
> No help, and you don't need to hear this having only just moved up from
> v2, but my strongest suggestion right now is to take the time to upgrade to
> the new relying-party.xml syntax.  Most people find it much easier to do.
> The next IdP release (3.4 and any patches) will be the last release to
> support the legacy syntax.

Thanks Rod.  I know that syntax update needs to happen, and I've spent a
bit of time looking at the docs.  But of course I'm in a time crunch to get
this new SP working ASAP.  As it's the only SP given us trouble at the
moment I'd like to get it working and then work out the syntax updates when
there's more time.

> >  Any suggestions on how to proceed or troubleshoot would be gratefully
> accepted!
> Logging is always going to be helpful.  "net.shibboleth.idp.saml" might
> give you enough info/  But having spelunked through the code I think that
> you are getting confused by the settings .  AFAIR the values can be
> "always", "condtional" or "never".  But also from the code you should have
> had a warning about it as well.
Yeah, confusion is a definite possibility! I've probably spent too much
time looking through mailing list posts and not enough looking through the
official documentation.

Thanks again for your suggestions!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list