Signature trust establishment failed for metadata entry

Peter Schober peter.schober at univie.ac.at
Mon Jun 29 11:22:10 UTC 2020


* Jehan Procaccia <jehan.procaccia at tem-tsp.eu> [2020-06-29 08:26]:
> - EntityDescriptor 'recruitee' failed signature verification, removing from
> metadata provider
> 
> Is there something I can work around on my side, or did the service provider
> mess something up in their metadata?

If the signature is incorrect then the SP would have to fix the signature
(or you'd have to remove the signature validation filter, throwing any
security out the window).

You can verify the signature outside of the IDP codebase using
e.g. XmlSecTool or xmlsec1 or samlsign, cf.
https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataCorrectness#MetadataCorrectness-SignatureVerification

-peter
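
The out-of-band check suggested above, using xmlsec1, as an added example that is not part of the original message. The function name, return codes and file arguments are assumptions, and the signer certificate is assumed to be one you obtained from the SP or federation over a trusted channel, not one copied out of the metadata being checked.

```shell
# Added example: verify a signed SAML metadata file with xmlsec1, outside the IdP.
# Usage:   verify_metadata <metadata.xml> <signer-cert.pem>
# Returns: 0 signature valid, 1 verification failed, 2 bad input, 3 xmlsec1 missing
MD_NS='urn:oasis:names:tc:SAML:2.0:metadata'

verify_metadata() {
    md_file=$1
    cert_file=$2

    # Both inputs must exist and be non-empty before xmlsec1 is invoked.
    [ -s "$md_file" ] || { echo "metadata file missing or empty: $md_file" >&2; return 2; }
    [ -s "$cert_file" ] || { echo "certificate file missing or empty: $cert_file" >&2; return 2; }

    # Expect a PEM certificate: the same one configured for the IdP's
    # signature validation filter, so both checks use the same trust anchor.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert_file" \
        || { echo "not a PEM certificate: $cert_file" >&2; return 2; }

    command -v xmlsec1 >/dev/null 2>&1 \
        || { echo "xmlsec1 is not installed" >&2; return 3; }

    # --pubkey-cert-pem: verify only against the key in the supplied certificate.
    # --enabled-reference-uris: accept only references into this document.
    # --id-attr: tell xmlsec1 that the "ID" attribute on the SAML metadata
    #            root elements is an XML ID, so the signature's Reference URI
    #            can be resolved.
    xmlsec1 --verify \
        --pubkey-cert-pem "$cert_file" \
        --enabled-reference-uris empty,same-doc \
        --id-attr:ID "$MD_NS:EntityDescriptor" \
        --id-attr:ID "$MD_NS:EntitiesDescriptor" \
        "$md_file" || return 1
    return 0
}
```

A return code of 1 with the SP's published certificate means the problem is in the metadata as signed, which matches the IdP dropping the entry.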

