Error creating SP metadata when adding X509 certificate for encryption

Cantor, Scott cantor.2 at
Mon Feb 26 19:17:46 EST 2018

On 2/26/18, 6:34 PM, "users on behalf of Lipscomb, Gary" <users-bounces at on behalf of glipscomb at> wrote:

> Any ideas? Have I left any section out of the metadata.

The IdP won't use it anyway, but you should be aware that the PKCS 1.5 padding method that metadata is trying to convince the IdP to use is broken and is turned off for safety in Shibboleth. Nobody should be using it and it would be a significant security flaw to do so.

That isn't your problem either, but it just reinforces what a mess this is.
-- Scott

More information about the users mailing list