SV: Shibb sp error
Kicic Sakib
Sakib.Kicic at smhi.se
Thu Jan 28 10:57:01 UTC 2021
Thanks for answer.
Yes, problem is that we need to generate new certificate key pair.
Strange thing is that these sp certificate files where empty for a long time but idp logs says nothing about it until today after restart of idp service. And we also load metadata for sp via proxy each 5 minutes and sp has worked fine all time.
I think we will go with oidc so we don't get problem with certificates and metadata.
Regards,
-----Ursprungligt meddelande-----
Från: users <users-bounces at shibboleth.net> För Peter Schober
Skickat: den 28 januari 2021 11:48
Till: users at shibboleth.net
Ämne: Re: Shibb sp error
* Kicic Sakib <Sakib.Kicic at smhi.se> [2021-01-28 11:09]:
> shibboleth[1932594]: ERROR Shibboleth.Handler.Metadata [1932594]
> shib_check_user [default] [default]: error while processing request:
> Can't self-sign metadata, no credential resolver found.
What OS/version is this on?
Sounds to me like you have no key pair generated for the SP (which the installer would do automagically on RHEL/CentOS; on Debian/Ubuntu/etc you'd have to run shib-keygen) *and* configured the SP to sign its own metadata (for whatever reason, probably a misunderstanding).
-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list