certificate name was not acceptable
Scott Alexander
scott at salexander.eu
Tue Dec 29 08:48:04 UTC 2020
Hi,
I have a working setup. IDP and numerous SPs. It works fine.
I cloned the IDP and created a new SP. I want the new IDP to have a
different backend to auth users.
I edited the IDP. I'm able to log in successfully, but the SP has the
following in its logs, and in the browser I see "Message was signed, but
signature could not be verified."
cat /var/log/shibboleth/shibd_warn.log
2020-12-28 15:31:38 WARN Shibboleth.Config : DEPRECATED: legacy 2.0
configuration, support will be removed from a future version of the
software
2020-12-28 15:31:39 WARN Shibboleth.Application : insecure cookieProps
setting, set to "https" for SSL/TLS-only usage
2020-12-28 15:31:39 WARN Shibboleth.Application : handlerSSL should be
enabled for SSL/TLS-enabled web sites
2020-12-28 15:31:39 WARN OpenSAML.MetadataProvider.XML : DEPRECATED:
file attribute should be replaced with path to specify local resource
2020-12-28 15:32:20 ERROR XMLTooling.TrustEngine.PKIX [4] [default]:
certificate name was not acceptable
2020-12-28 15:32:20 WARN OpenSAML.SecurityPolicyRule.XMLSigning [4]
[default]: unable to verify message signature with supplied trust engine
2020-12-28 15:32:20 WARN Shibboleth.SSO.SAML2 [4] [default]: detected a
problem with assertion: Message was signed, but signature could not be
verified.
2020-12-28 15:32:20 WARN Shibboleth.SSO.SAML2 [4] [default]: error
processing incoming assertion: Message was signed, but signature could
not be verified.
I've checked metadata, certs, everything. Something must still be wrong.
Anyone had a similar problem and/or ideas how to find what could be
wrong?
Terveisin/Regards
Scott Alexander