Error creating SP metadata when adding X509 certificate for encryption

Lipscomb, Gary glipscomb at csu.edu.au
Mon Feb 26 19:31:02 EST 2018


Hi Scott,

I'm a bit confused. Are you saying that even if I had a valid certificate not using PKCS 1.5 in the SP metadata, it wouldn't be used?

Regards

Gary

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Tuesday, 27 February 2018 11:18 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Error creating SP metadata when adding X509 certificate for encryption

On 2/26/18, 6:34 PM, "users on behalf of Lipscomb, Gary" <users-bounces at shibboleth.net on behalf of glipscomb at csu.edu.au> wrote:

> Any ideas? Have I left any section out of the metadata?

The IdP won't use it anyway, but you should be aware that the PKCS 1.5 padding method that metadata is trying to convince the IdP to use is broken and is turned off for safety in Shibboleth. Nobody should be using it and it would be a significant security flaw to do so.

That isn't your problem either, but it just reinforces what a mess this is.
 
-- Scott


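An added example, not part of the original thread and not Shibboleth code: a check that scans SP metadata for encryption-capable KeyDescriptor elements advertising the RSA PKCS#1 v1.5 key transport algorithm that the reply above describes as broken and turned off. The sample metadata, its entityID and the function name `find_pkcs1_v15` are constructed for illustration; the namespace and algorithm URIs are the standard SAML metadata and XML Encryption identifiers.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"  # RSA PKCS#1 v1.5 key transport

# Constructed sample metadata (ds:KeyInfo omitted for brevity).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def find_pkcs1_v15(metadata_xml):
    """Return (entityID, use, algorithm) for each encryption-capable
    KeyDescriptor that lists RSA PKCS#1 v1.5 as an EncryptionMethod.

    Works on a single EntityDescriptor or an EntitiesDescriptor aggregate.
    For metadata from an untrusted source, parse with a hardened parser
    (for example the defusedxml package) instead of the stdlib one.
    """
    root = ET.fromstring(metadata_xml)
    findings = []
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for kd in entity.iter(f"{{{MD}}}KeyDescriptor"):
            use = kd.get("use")
            if use == "signing":
                continue  # signing-only keys are never used for encryption
            # A KeyDescriptor with no "use" attribute applies to both purposes.
            for em in kd.findall(f"{{{MD}}}EncryptionMethod"):
                if em.get("Algorithm") == RSA_1_5:
                    findings.append(
                        (entity.get("entityID"), use or "unspecified", RSA_1_5)
                    )
    return findings


if __name__ == "__main__":
    for entity_id, use, alg in find_pkcs1_v15(SAMPLE):
        print(f"{entity_id}: KeyDescriptor use={use} advertises {alg}")
```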