supplied TrustEngine failed to validate SSL/TLS server certificate - while validating the saml response sent by idp to SP

Peter Schober peter.schober at
Thu Jul 26 06:43:31 EDT 2018

* anuptiwary < at> [2018-07-26 12:31]:
> ERROR Shibboleth.AttributeResolver.Query [29]: exception during SAML query
> to https://localhost:8443/idp/profile/SAML2/SOAP/AttributeQuery:
> CURLSOAPTransport failed while contacting SOAP endpoint
> (https://localhost:8443/idp/profile/SAML2/SOAP/AttributeQuery): SSL
> certificate problem: application verification failure

Why are you using Attribute Queries at all? Is that by design or
unintentional? (If the latter: "If it hurts stop doing it.")

If intentional, what's the certificate the IDP presents on port 8443?
How exactly did you configure the IDP (or Tomcat) wrt that port? Did
you configure Tomcat to use the idp-backchannel.p12 key pair for 8443?

Does the SP have this certificate available from the IDP's metadata?

From the image you sent it's not clear at all how the IDP is exposed
to the network SP and what role Apache httpd plays here.

And all of this is simply a demo setup, since you seem to be running
the IDP and the SP all on the same box? Or what else is this for?
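
The check behind the question above (is the certificate presented on port 8443 among those in the IDP's metadata?), as an added example that is not part of the original post or of Shibboleth's code. It simplifies by comparing whole certificates by SHA-256 fingerprint; the metadata, entityID and "certificate" bytes are constructed stand-ins, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml: str,
                          role: str = "AttributeAuthorityDescriptor") -> set:
    """Fingerprints of the certificates listed for `role` (the role that
    serves attribute queries), skipping keys marked use="encryption"."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.findall(f".//md:{role}/md:KeyDescriptor", NS):
        if kd.get("use") == "encryption":
            continue  # encryption-only keys are not candidates for TLS trust
        for cert in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # drop line wrapping
            found.add(fingerprint(base64.b64decode(b64)))
    return found

def backchannel_cert_in_metadata(presented_der: bytes, metadata_xml: str) -> bool:
    """True if the certificate the server presented is listed in the metadata."""
    return fingerprint(presented_der) in metadata_fingerprints(metadata_xml)

# Constructed stand-ins for DER certificates (not real certificates).
BACKCHANNEL_DER = b"constructed-idp-backchannel-cert"
WEB_SERVER_DER = b"constructed-web-server-cert"
ENCRYPTION_DER = b"constructed-idp-encryption-cert"

def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

# Constructed sample metadata: one signing key and one encryption key.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/idp/shibboleth">
  <md:AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_b64(BACKCHANNEL_DER)}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_b64(ENCRYPTION_DER)}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""
```

Against a live endpoint, the presented certificate can be obtained with `ssl.get_server_certificate(("localhost", 8443))` and converted with `ssl.PEM_cert_to_DER_cert()` before passing it to `backchannel_cert_in_metadata()`.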
