updating SP's cert in metadata
IAM David Bantz
dabantz at alaska.edu
Fri Sep 28 12:37:33 EDT 2018
SP provided new cert (they provide self-signed certs in metadata with 1
year lifetime).
I added the new cert to my copy of the SP metadata, anticipating a
transition period where either cert could be used, but that triggers this
error in processing an incoming request:
ERROR [137.229.160.20]
org.springframework.webflow.execution.ActionExecutionException:76 >
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing
net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor at 71d0fe07 in
state 'SAML2SSOSecurityPolicy' of flow
'intercept/security-policy/saml2-sso' -- action execution attributes were
'map[[empty]]'
at
org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)
Caused by: org.cryptacular.StreamException: IO error
at org.cryptacular.util.CertUtil.readCertificate(CertUtil.java:256)
Caused by: java.io.IOException: Incomplete BER/DER data
at
sun.security.provider.X509Factory.readBERInternal(X509Factory.java:751)
Is the strategy flawed or did I do something else dumb?
David Bantz
UA OIT IAM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180928/75401956/attachment.html>
More information about the users
mailing list