key algorithm didn't match ('AES' != 'RSA') failed to decrypt assertion: Unable to locate an encrypted key.
Cantor, Scott
cantor.2 at osu.edu
Thu Sep 20 22:46:34 EDT 2018
If you control the IdP, I would probably suggest reverting the "fix" and turning off encryption at the end just to get more into the processing and see what it does. I would imagine it would throw an audience condition failure like people used to get when they had overrides mis-configured.
This is too basic a scenario to seem like a bug to me, I would have to think there's an Apache issue getting the Location block applied the way it seems it should.
-- Scott
On 9/20/18, 10:14 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
On 9/20/18, 9:59 PM, "users on behalf of Lipscomb, Gary" <users-bounces at shibboleth.net on behalf of glipscomb at csu.edu.au> wrote:
> Have I missed something when using ShibRequestSetting entityIDSelf ?
It was trying to decrypt believing itself to be operating with a different name and the IdP inserts the name it knew in the key recipient field and they don't match. Bug maybe, or something else not in evidence preventing it from applying that setting to the handler location(s).
-- Scott
More information about the users
mailing list