error processing incoming assertion: KeyName must have TextContent.
Sathyaprasad, Sandeep (NIH/CIT) [C]
sathyaprasads at mail.nih.gov
Fri Mar 20 15:21:43 EDT 2020
Thanks Scott, is there an example on how the KeyName element looks like in an encrypted SAML? Which Shibb SP can process it.
-----Original Message-----
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Wednesday, March 18, 2020 2:27 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: error processing incoming assertion: KeyName must have TextContent.
On 3/18/20, 2:20 PM, "users on behalf of Sathyaprasad, Sandeep (NIH/CIT) [C]" <users-bounces at shibboleth.net on behalf of sathyaprasads at mail.nih.gov> wrote:
> Do you happen to know how can I get past this error?
You can't (assuming they won't fix it). The empty KeyName element is not valid in SAML and the SP blocks empty element to prevent null pointer crashes all over the code from accessing content that's not supposed to be null without adding even more checking than it has to do already. It's a blanket security measure that limits the attack surface.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list