supplied TrustEngine failed to validate SSL/TLS server certificate - while validating the saml response send by idp to SP

Peter Schober peter.schober at
Fri Jul 27 07:41:33 EDT 2018

Forgot to comment on some of your statements:

* anuptiwary < at> [2018-07-27 13:05]:
> As I can see in idp-process log, there is attribute principalId
> which is released by idp

No, your log states:

  "No attributes remained after encoding and filtering by value, no
  attribute statement built"

So no attributes have been released. From other log lines that's
because it has no encoder attached to it. So your resolver is likely

> but seems my attribute-mapping or some other mapping does not hold
> true to pass it to SP.

That wouldn't make a missing attribute appear, but we also don't know
your attribute map.

> I have now configured below line (where principleId is now added ) after
> looking at idp-process logs.
> <ApplicationDefaults entityID="http://localhost:8080/WebUI"
>       REMOTE_USER="principalId sn eppn persistent-id targeted-id NameID"
>       signing="false" encryption="false" attributePrefix="AJP_"
>       homeURL="http://localhost:8080/WebUI">

That's not how/where you map attributes. Also "sn" is not appropriate
as a unique identifier, and "NameID" probably doesn't exist, unless
you have created it in your attribute-map.xml.

