Simple signature validation failed

Les LaCroix llacroix at
Fri Nov 16 15:01:38 EST 2018

Thanks for the prompt reply, it was spot-on as usual.  They actually ARE
using Shib SP, and the downloaded metadata has two certs in it.  Must be
trying to change certs.


Les LaCroix '79 | Strategic Technologist
Carleton College | 1 N. College St. | MS 3-ITS | Northfield, MN 55057
507.222.5455 | free/busy

On Fri, Nov 16, 2018 at 1:37 PM Cantor, Scott <cantor.2 at> wrote:

> On 11/16/18, 2:27 PM, "users on behalf of Les LaCroix" <
> users-bounces at on behalf of llacroix at> wrote:
> > In the mean time, is there a relying-party configuration change I can
> make for this one SP to get past this error?
> No, just system level changes to remove/bypass the code that checks the
> signature. I suppose in the unlikely case they were using Shibboleth, the
> simplest change is to just interrogate it for its generated metadata to get
> the key it's actually using out of that and substitute the corrected
> metadata in front of InCommon's copy until it's fixed.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list